mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-05-18 21:34:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add option for CSP frame-ancestors (#7857)

Browse Source 
* Add option for CSP frame-ancestors
https://github.com/FreshRSS/FreshRSS/discussions/7856

* Revert contentSelectorPreviewAction

* Same for f.php and api

* Fix double init in f.php

* No sandbox for API page
This commit is contained in:
Alexandre Alapetite
2025-09-21 13:29:58 +02:00
committed by GitHub
parent f1cf57b5b7
commit bc3e4c8fa4
10 changed files with 41 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controllers/subscriptionController.php
View File

@@ -48,7 +48,7 @@ class FreshRSS_subscription_Controller extends FreshRSS_ActionController {
$this->_csp([
'default-src' => "'self'",
'frame-ancestors' => "'none'",
'frame-ancestors' => FreshRSS_Context::systemConf()->attributeString('csp.frame-ancestors') ?? "'none'",
'img-src' => "'self' blob:",
]);
@@ -118,7 +118,7 @@ class FreshRSS_subscription_Controller extends FreshRSS_ActionController {
$this->_csp([
'default-src' => "'self'",
'frame-ancestors' => "'none'",
'frame-ancestors' => FreshRSS_Context::systemConf()->attributeString('csp.frame-ancestors') ?? "'none'",
'img-src' => "'self' blob:",
]);