Overview

File 0001-Set-Content-Security-Policy-to-frame-ancestors-self-.patch of Package hawk.5195

From 5e4d17378ab83e75dde672901375ffe650d43682 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
Date: Thu, 14 Jul 2016 09:35:24 +0200
Subject: [PATCH] Set Content-Security-Policy to frame-ancestors 'self'
 (bsc#984619)

---
 hawk/app/controllers/application_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hawk/app/controllers/application_controller.rb b/hawk/app/controllers/application_controller.rb
index 9e3eb96..d6f2096 100644
--- a/hawk/app/controllers/application_controller.rb
+++ b/hawk/app/controllers/application_controller.rb
@@ -77,6 +77,7 @@ class ApplicationController < ActionController::Base
   end
 
   def cors_set_access_control_headers
+    response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
     if request.headers['Origin']
       response.headers['Access-Control-Allow-Origin'] = request.headers["Origin"]
       response.headers['Access-Control-Allow-Credentials'] = 'true'
-- 
2.9.0
openSUSE Build Service is sponsored by
Places