diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2016-02-18 17:33:35 -0500 |
|---|---|---|
| committer | Joram Wilander <jwawilander@gmail.com> | 2016-02-18 17:33:35 -0500 |
| commit | 3c5744f0d60f69ae54b2a87e097dd582547fbc32 (patch) | |
| tree | 4e78991fcf4a3066b3579d281166e845700b58aa | |
| parent | daa06ad41e0fe8c9b2b443952e893af354addd95 (diff) | |
| parent | b10f6877a0c8566b2adc52b256fc68a90d9f0c44 (diff) | |
| download | chat-3c5744f0d60f69ae54b2a87e097dd582547fbc32.tar.gz chat-3c5744f0d60f69ae54b2a87e097dd582547fbc32.tar.bz2 chat-3c5744f0d60f69ae54b2a87e097dd582547fbc32.zip | |
Merge pull request #2193 from rgarmsen2295/plt-1858
PLT-1858 Fixed content security policy header
| -rw-r--r-- | api/context.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/api/context.go b/api/context.go index d0b4f85d2..9e05c5d87 100644 --- a/api/context.go +++ b/api/context.go @@ -161,7 +161,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // Instruct the browser not to display us in an iframe for anti-clickjacking if !h.isApi { w.Header().Set("X-Frame-Options", "DENY") - w.Header().Set("Content-Security-Policy", "frame-ancestors none") + w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'") } else { // All api response bodies will be JSON formatted by default w.Header().Set("Content-Type", "application/json") |