frame-src doesn't respect the nonce attribute
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
6db355848b
commit
c4cafae884
|
@ -494,9 +494,6 @@ class EmptyContentSecurityPolicy {
|
|||
|
||||
if(!empty($this->allowedFrameDomains)) {
|
||||
$policy .= 'frame-src ';
|
||||
if(is_string($this->useJsNonce)) {
|
||||
$policy .= '\'nonce-' . base64_encode($this->useJsNonce) . '\' ';
|
||||
}
|
||||
$policy .= implode(' ', $this->allowedFrameDomains);
|
||||
$policy .= ';';
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue