
Remove child-src CSP policy (deprecated)

Savely Krasovsky 6 years ago
parent
commit
454eb590ce
2 changed files with 2 additions and 2 deletions
  1. 1 1
      http/response/builder.go
  2. 1 1
      http/response/builder_test.go

+ 1 - 1
http/response/builder.go

@@ -96,7 +96,7 @@ func (b *Builder) writeHeaders() {
 	b.headers["X-XSS-Protection"] = "1; mode=block"
 	b.headers["X-Content-Type-Options"] = "nosniff"
 	b.headers["X-Frame-Options"] = "DENY"
-	b.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; media-src *; frame-src *; child-src *"
+	b.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; media-src *; frame-src *"
 
 	for key, value := range b.headers {
 		b.w.Header().Set(key, value)
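Review bot: Dropping `child-src *` from the Content-Security-Policy line in writeHeaders changes what governs workers as well as frames: the policy has no worker-src or script-src, so worker scripts now fall back to `default-src 'self'` instead of being allowed from any origin. That is a tightening and probably intended, but it deserves a comment above the line, e.g. `// child-src dropped: frames use frame-src, workers fall back to default-src 'self'`. Separately, the response still relies on X-Frame-Options alone to forbid being framed; adding `frame-ancestors 'none'` to the policy string (and to the expected value in builder_test.go) would state the same DENY in the directive current browsers prefer. writeHeaders begins and ends outside this hunk.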

+ 1 - 1
http/response/builder_test.go

@@ -32,7 +32,7 @@ func TestResponseHasCommonHeaders(t *testing.T) {
 		"X-XSS-Protection":        "1; mode=block",
 		"X-Content-Type-Options":  "nosniff",
 		"X-Frame-Options":         "DENY",
-		"Content-Security-Policy": "default-src 'self'; img-src *; media-src *; frame-src *; child-src *",
+		"Content-Security-Policy": "default-src 'self'; img-src *; media-src *; frame-src *",
 	}
 
 	for header, expected := range headers {