pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions

element-web: Use a wider CSP default

Browse source 
X-Frame-Options should be the source of truth for this particular policy
decision, but it seems some browsers aren't collating the two correctly,
so a slightly wider CSP policy allows those to behave reasonably.
This commit is contained in:
Alexander Olofsson 2023-09-25 15:26:00 +02:00
parent cc5584e1d8
commit c52f424e79
No known key found for this signature in database
GPG key ID: D439C9470CB04C73
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/element-web/Chart.yaml
View file

@ -10,7 +10,7 @@ icon: https://element.io/images/logo-mark-primary.svg
appVersion: 1.11.42 appVersion: 1.11.42
type: application type: application
version: 1.2.13 version: 1.3.0
maintainers: maintainers:
- name: Alexander Olofsson - name: Alexander Olofsson

2
charts/element-web/values.yaml
View file

@ -34,7 +34,7 @@ nginxConfig: |-
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'"; add_header Content-Security-Policy "frame-ancestors 'self'";
## Configuration for mounting additional volumes into the application container. ## Configuration for mounting additional volumes into the application container.
## ##