Allow iframes to external domains

3ffbaf47 · Lukas Reschke · 82231175 · 3ffbaf47
Commit 3ffbaf47 authored 12 years ago by Lukas Reschke
--- a/lib/template.php
+++ b/lib/template.php
@@ -189,8 +189,8 @@ class OC_Template{
 		header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
 		header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
 		header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
-		header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\'');
-		header('X-WebKit-CSP: default-src \'self\'; style-src \'self\' \'unsafe-inline\'');
+		header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\'; frame-src *');
+		header('X-WebKit-CSP: default-src \'self\'; style-src \'self\' \'unsafe-inline\'; frame-src *');

 		$this->findTemplate($name);
 	}