Fixed content security policy header

author: Reed Garmsen <rgarmsen2295@gmail.com> 2016-02-18 12:52:47 -0800
committer: Reed Garmsen <rgarmsen2295@gmail.com> 2016-02-18 12:52:47 -0800
commit: b10f6877a0c8566b2adc52b256fc68a90d9f0c44 (patch)
tree: 4e78991fcf4a3066b3579d281166e845700b58aa /api/context.go
parent: daa06ad41e0fe8c9b2b443952e893af354addd95 (diff)
download: chat-b10f6877a0c8566b2adc52b256fc68a90d9f0c44.tar.gz
chat-b10f6877a0c8566b2adc52b256fc68a90d9f0c44.tar.bz2
chat-b10f6877a0c8566b2adc52b256fc68a90d9f0c44.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/api/context.go b/api/context.go
index d0b4f85d2..9e05c5d87 100644
--- a/api/context.go
+++ b/api/context.go
@@ -161,7 +161,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Instruct the browser not to display us in an iframe for anti-clickjacking
 	if !h.isApi {
 		w.Header().Set("X-Frame-Options", "DENY")
-		w.Header().Set("Content-Security-Policy", "frame-ancestors none")
+		w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
 	} else {
 		// All api response bodies will be JSON formatted by default
 		w.Header().Set("Content-Type", "application/json")
author	Reed Garmsen <rgarmsen2295@gmail.com>	2016-02-18 12:52:47 -0800
committer	Reed Garmsen <rgarmsen2295@gmail.com>	2016-02-18 12:52:47 -0800
commit	b10f6877a0c8566b2adc52b256fc68a90d9f0c44 (patch)
tree	4e78991fcf4a3066b3579d281166e845700b58aa /api/context.go
parent	daa06ad41e0fe8c9b2b443952e893af354addd95 (diff)
download	chat-b10f6877a0c8566b2adc52b256fc68a90d9f0c44.tar.gz chat-b10f6877a0c8566b2adc52b256fc68a90d9f0c44.tar.bz2 chat-b10f6877a0c8566b2adc52b256fc68a90d9f0c44.zip