author | Reed Garmsen <rgarmsen2295@gmail.com> | 2016-02-18 12:52:47 -0800 |
---|---|---|
committer | Reed Garmsen <rgarmsen2295@gmail.com> | 2016-02-18 12:52:47 -0800 |
commit | b10f6877a0c8566b2adc52b256fc68a90d9f0c44 (patch) | |
tree | 4e78991fcf4a3066b3579d281166e845700b58aa /api | |
parent | daa06ad41e0fe8c9b2b443952e893af354addd95 (diff) | |
Fixed content security policy header
Diffstat (limited to 'api')
-rw-r--r-- | api/context.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/api/context.go b/api/context.go
index d0b4f85d2..9e05c5d87 100644
--- a/api/context.go
+++ b/api/context.go
@@ -161,7 +161,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // Instruct the browser not to display us in an iframe for anti-clickjacking
 if !h.isApi {
 w.Header().Set("X-Frame-Options", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
+ w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
 } else {
 // All api response bodies will be JSON formatted by default
 w.Header().Set("Content-Type", "application/json")
 |
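Review bot: The comment above the `if !h.isApi` branch still says only that the headers are for anti-clickjacking, so nothing on the corrected `Content-Security-Policy` line records why the quotes are load-bearing. In CSP a bare `none` is parsed as a host source rather than the `'none'` keyword, which means the old value did not express "no ancestors" and a later tidy-up could silently bring it back. I would add `// CSP keywords must be single-quoted: a bare none is read as a host name, not the 'none' keyword` directly above the `Set` call. A handler test that asserts the exact header value on a non-API response would catch a regression. ServeHTTP starts and ends outside this hunk, so whether the API branch gets framing headers elsewhere cannot be judged from here.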