From c8f815552acc9807ec62d9fffbd0d67cf3f4a760 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.me>
Date: Thu, 15 Oct 2020 20:31:50 +0200
Subject: [PATCH] Disallow framing in CSP

---
 common_config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common_config.php b/common_config.php
index eb61f8a..2c027a0 100644
--- a/common_config.php
+++ b/common_config.php
@@ -123,7 +123,7 @@ function send_headers(array $styles = []){
 	foreach($styles as $style) {
 		$style_hashes .= " 'sha256-".base64_encode(hash('sha256', $style, true))."'";
 	}
-	header("Content-Security-Policy: default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; media-src 'self'; style-src 'self'$style_hashes");
+	header("Content-Security-Policy: default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self'$style_hashes");
 	header('X-Content-Type-Options: nosniff');
 	header('X-Frame-Options: sameorigin');
 	header('X-XSS-Protection: 1; mode=block');