Overview

File 0001-Set-Content-Security-Policy-bsc-984619.patch of Package hawk2.3651

commit e0cb037f9762459989dcc88515b0b9e22e675158
Author: Kristoffer Grönlund <krig@koru.se>
Date:   Tue Jul 5 19:15:05 2016 +0200

    Set Content-Security-Policy to frame-ancestors 'self' (bsc#984619)

diff --git a/hawk/app/controllers/application_controller.rb b/hawk/app/controllers/application_controller.rb
index a5e76f5..3abbab1 100644
--- a/hawk/app/controllers/application_controller.rb
+++ b/hawk/app/controllers/application_controller.rb
@@ -113,6 +113,7 @@ class ApplicationController < ActionController::Base
   end
 
   def cors_set_access_control_headers
+    response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
     if request.headers['Origin']
       response.headers['Access-Control-Allow-Origin'] = request.headers["Origin"]
       response.headers['Access-Control-Allow-Credentials'] = 'true'
openSUSE Build Service is sponsored by
Places