From 317f17489e36430ea5b945ab48819a10bf5068f0 Mon Sep 17 00:00:00 2001
From: Benedikt Kulmann <benedikt@kulmann.biz>
Date: Tue, 28 Jun 2022 10:24:20 +0000
Subject: [PATCH] Automated changelog update [skip ci]

---
 CHANGELOG.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4e12db244c..f9a94efa83 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,10 +6,20 @@ The following sections list the changes for unreleased.
 
 ## Summary
 
+* Bugfix - CSP rules for silent token refresh in iframe: [#4031](https://github.com/owncloud/ocis/pull/4031)
 * Enhancement - Refactor extensions to services: [#3980](https://github.com/owncloud/ocis/pull/3980)
 
 ## Details
 
+* Bugfix - CSP rules for silent token refresh in iframe: [#4031](https://github.com/owncloud/ocis/pull/4031)
+
+   When renewing the access token silently web needs to be opened in an iframe. This was previously
+   blocked by a restrictive iframe CSP rule in the `Secure` middleware and has now been fixed by
+   allow `self` for iframes.
+
+   https://github.com/owncloud/web/issues/7030
+   https://github.com/owncloud/ocis/pull/4031
+
 * Enhancement - Refactor extensions to services: [#3980](https://github.com/owncloud/ocis/pull/3980)
 
    We have decided to name all extensions, we maintain and provide with ocis, services from here on