Add option for CSP frame-ancestors (#7857)

* Add option for CSP frame-ancestors https://github.com/FreshRSS/FreshRSS/discussions/7856 * Revert contentSelectorPreviewAction * Same for f.php and api * Fix double init in f.php * No sandbox for API page
2026-05-19 05:44:39 -04:00 · 2025-09-21 13:29:58 +02:00
parent f1cf57b5b7
commit bc3e4c8fa4
10 changed files with 41 additions and 25 deletions
--- a/app/Controllers/statsController.php
+++ b/app/Controllers/statsController.php
@@ -29,7 +29,7 @@ class FreshRSS_stats_Controller extends FreshRSS_ActionController {

 		$this->_csp([
 			'default-src' => "'self'",
-			'frame-ancestors' => "'none'",
+			'frame-ancestors' => FreshRSS_Context::systemConf()->attributeString('csp.frame-ancestors') ?? "'none'",
 			'img-src' => '* data: blob:',
 		]);