Home Explore Help
Sign In
LBP
/
FressRSS
mirror of https://github.com/FreshRSS/FreshRSS.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge branch 'FreshRSS/dev' into dev

Alexandre Alapetite 10 years ago
parent
4c9377284b fb6b82167c
commit
c1ddc1faf2
3 changed files with 6 additions and 6 deletions
Unified View Show Diff Stats
  1. 1 1
      CHANGELOG.md
  2. 1 1
      app/FreshRSS.php
  3. 4 4
      app/i18n/de/install.php

+ 1 - 1
CHANGELOG.md
View File 

@@ -3,7 +3,7 @@
 
 ## 2016-03-xx FreshRSS 1.3.1-beta
 
 ## 2016-03-xx FreshRSS 1.3.1-beta
 
 
 
 * Security
 
 * Security
 
-	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
 
+	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
 
 * Features
 
 * Features
 
 	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
 
 	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
 
 		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
 
 		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS

+ 1 - 1
app/FreshRSS.php
View File 

@@ -113,7 +113,7 @@ class FreshRSS extends Minz_FrontController {
 
 	public static function preLayout() {
 
 	public static function preLayout() {
 
 		switch (Minz_Request::controllerName()) {
 
 		switch (Minz_Request::controllerName()) {
 
 			case 'index':
 
 			case 'index':
 
-				header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
 
+				header("Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *");
 
 				break;
 
 				break;
 
 			case 'stats':
 
 			case 'stats':
 
 				header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
 
 				header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");

+ 4 - 4
app/i18n/de/install.php
View File 

@@ -63,8 +63,8 @@ return array(
 
 			'ok' => 'Ihr HTTP REFERER ist bekannt und entspricht Ihrem Server.',
 
 			'ok' => 'Ihr HTTP REFERER ist bekannt und entspricht Ihrem Server.',
 
 		),
 
 		),
 
 		'json' => array(
 
 		'json' => array(
 
-			'nok' => 'You lack a recommended library to parse JSON.',
 
-			'ok' => 'You have a recommended library to parse JSON.',
 
+			'nok' => 'Ihnen fehlt eine empfohlene Bibliothek um JSON zu parsen.',
 
+			'ok' => 'Sie haben eine empfohlene Bibliothek um JSON zu parsen.',
 
 		),
 
 		),
 
 		'minz' => array(
 
 		'minz' => array(
 
 			'nok' => 'Ihnen fehlt das Minz-Framework.',
 
 			'nok' => 'Ihnen fehlt das Minz-Framework.',
 
@@ -91,8 +91,8 @@ return array(
 
 			'ok' => 'Die Berechtigungen des Verzeichnisses <em>./data/users</em> sind in Ordnung.',
 
 			'ok' => 'Die Berechtigungen des Verzeichnisses <em>./data/users</em> sind in Ordnung.',
 
 		),
 
 		),
 
 		'xml' => array(
 
 		'xml' => array(
 
-			'nok' => 'You lack the required library to parse XML.',
 
-			'ok' => 'You have the required library to parse XML.',
 
+			'nok' => 'Ihnen fehlt die benötigte Bibliothek um XML zu parsen.',
 
+			'ok' => 'Sie haben die benötigte Bibliothek um XML zu parsen.',
 
 		),
 
 		),
 
 	),
 
 	),
 
 	'conf' => array(
 
 	'conf' => array(