From 73e5cb0697448ab8dbc5c42f7e5452194bef512e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergio=20Casta=C3=B1o=20Arteaga?=
Date: Tue, 22 Oct 2024 11:17:54 +0200
Subject: [PATCH] Add frame-ancestors directive to CSP (#4111)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Sergio CastaƱo Arteaga
---
 internal/handlers/static/handlers.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/handlers/static/handlers.go b/internal/handlers/static/handlers.go
index 71257806c4..37ffbb6d6e 100644
--- a/internal/handlers/static/handlers.go
+++ b/internal/handlers/static/handlers.go
@@ -32,7 +32,8 @@ const (
  img-src 'self' data: https:;
  manifest-src 'self';
  script-src 'self' https://www.google-analytics.com;
- style-src 'self' 'unsafe-inline'
+ style-src 'self' 'unsafe-inline';
+ frame-ancestors 'none';
  `
 
  indexCacheMaxAge = 5 * time.Minute
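Review bot: The added `frame-ancestors 'none';` line only protects user agents that implement CSP framing control, and only responses that actually carry this policy as an HTTP header (the directive is ignored in a `<meta>` policy); nothing in the hunk shows where the constant is applied. If the handler that sends it does not already do so, I would pair it with the legacy header, e.g. `w.Header().Set("X-Frame-Options", "DENY")`, so older browsers get the same clickjacking protection. A short comment above the constant, such as `// frame-ancestors 'none' forbids embedding the UI in any frame (clickjacking defence)`, would also record why the directive is there, since comments cannot live inside the raw string. The const block and the policy string both begin before this hunk, so the rest of the policy and its call sites are not visible here.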