From c4f16e64041204e4b85051bbe6132b26aded6c74 Mon Sep 17 00:00:00 2001
From: frankdelange
Date: Mon, 7 Sep 2015 15:23:08 +0200
Subject: [PATCH] files_reader: added allowedFrameDomain for compatibility with older browsers which do not support the child-src CSP directive
---
 files_reader/controller/displaycontroller.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/files_reader/controller/displaycontroller.php b/files_reader/controller/displaycontroller.php
index 91edf95..a313128 100644
--- a/files_reader/controller/displaycontroller.php
+++ b/files_reader/controller/displaycontroller.php
@@ -46,7 +46,9 @@ class DisplayController extends Controller {
 $csp = new ContentSecurityPolicy();
 $csp->addAllowedChildSrcDomain('\'self\'');
+ $csp->addAllowedFrameDomain('\'self\'');
 $csp->addAllowedStyleDomain('blob:');
+ $csp->addAllowedImageDomain('blob:');
 $response->setContentSecurityPolicy($csp);
 return $response;
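Review bot: The second added line, `$csp->addAllowedImageDomain('blob:');`, widens img-src but is not mentioned in the commit message, which only covers the frame-src fallback; each relaxation of the policy should carry its reason next to it. I would add a comment above the frame line such as `// frame-src mirrors child-src for browsers that do not implement the child-src directive` and one above the image line naming the reader feature that loads images from blob: URLs (presumably the in-browser book renderer, to be confirmed). Both sources are kept narrow ('self' and blob: only), and the comments would let a later reviewer decide whether either can be dropped once the older browsers are no longer supported. The enclosing method starts and ends outside this hunk.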