From b10f6877a0c8566b2adc52b256fc68a90d9f0c44 Mon Sep 17 00:00:00 2001
From: Reed Garmsen
Date: Thu, 18 Feb 2016 12:52:47 -0800
Subject: Fixed content security policy header
---
 api/context.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'api/context.go')
diff --git a/api/context.go b/api/context.go
index d0b4f85d2..9e05c5d87 100644
--- a/api/context.go
+++ b/api/context.go
@@ -161,7 +161,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // Instruct the browser not to display us in an iframe for anti-clickjacking
 if !h.isApi {
 w.Header().Set("X-Frame-Options", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
+ w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
 } else {
 // All api response bodies will be JSON formatted by default
 w.Header().Set("Content-Type", "application/json")
-- cgit v1.2.3-1-g7c22
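Review bot: Nothing on the changed `Content-Security-Policy` line records why the inner quotes matter, so the same typo can come back unnoticed; CSP keyword sources must be single-quoted, and an unquoted `none` is read as a host name rather than the keyword. I would add a comment above it such as `// CSP keywords must be single-quoted: 'none', not none (which parses as a host)`, and a handler test that asserts the exact header value on a non-API response. Separately, the `else` branch visible here sets only `Content-Type` for API responses; if no other layer already does so, `w.Header().Set("X-Content-Type-Options", "nosniff")` there would keep browsers from sniffing JSON bodies as another type. ServeHTTP starts and ends outside this hunk, so headers set elsewhere in it are not visible here.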