From c4cafae884edd5d391c7df6cb995d642496dbfd5 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Fri, 16 Aug 2019 21:29:57 +0200
Subject: [PATCH] frame-src doesn't respect the nonce attribute

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index de892aacf26..b3f341ab054 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -494,9 +494,6 @@ class EmptyContentSecurityPolicy {
 
 		if(!empty($this->allowedFrameDomains)) {
 			$policy .= 'frame-src ';
-			if(is_string($this->useJsNonce)) {
-				$policy .= '\'nonce-' . base64_encode($this->useJsNonce) . '\' ';
-			}
 			$policy .= implode(' ', $this->allowedFrameDomains);
 			$policy .= ';';
 		}
-- 
GitLab