files_reader: added allowedFrameDomain for compatibility with older browsers which do not support the child-src CSP directive

2025-10-02 14:49:17 +02:00 · 2015-09-07 15:23:08 +02:00 · 2015-09-07 15:23:08 +02:00 · c4f16e6404
commit c4f16e6404
parent 49b3914585
1 changed files with 2 additions and 0 deletions
--- a/files_reader/controller/displaycontroller.php
+++ b/files_reader/controller/displaycontroller.php
@ -46,7 +46,9 @@ class DisplayController extends Controller {

 		$csp = new ContentSecurityPolicy();
 		$csp->addAllowedChildSrcDomain('\'self\'');
+		$csp->addAllowedFrameDomain('\'self\'');
 		$csp->addAllowedStyleDomain('blob:');
+		$csp->addAllowedImageDomain('blob:');
 		$response->setContentSecurityPolicy($csp);

 		return $response;