Skip to content
Snippets Groups Projects
Unverified Commit 454eb590 authored by Savely Krasovsky's avatar Savely Krasovsky Committed by GitHub
Browse files

Remove child-src CSP policy (deprecated)

parent 9698c5e4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
http/response/builder.go
+ 1
1
View file @ 454eb590
......@@ -96,7 +96,7 @@ func (b *Builder) writeHeaders() {
b.headers["X-XSS-Protection"] = "1; mode=block"
b.headers["X-Content-Type-Options"] = "nosniff"
b.headers["X-Frame-Options"] = "DENY"
b.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; media-src *; frame-src *; child-src *"
b.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; media-src *; frame-src *"
for key, value := range b.headers {
b.w.Header().Set(key, value)
......
http/response/builder_test.go
+ 1
1
View file @ 454eb590
......@@ -32,7 +32,7 @@ func TestResponseHasCommonHeaders(t *testing.T) {
"X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY",
"Content-Security-Policy": "default-src 'self'; img-src *; media-src *; frame-src *; child-src *",
"Content-Security-Policy": "default-src 'self'; img-src *; media-src *; frame-src *",
}
for header, expected := range headers {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment