MantisBT: master 2d2f6f7b

Author Committer Branch Timestamp Parent
dregad dregad master 2019-08-28 19:46:01 master d722a833
Affected Issues  0026093: Content Security Policy directive 'frame-ancestors' contains an invalid source when http_csp_add is called for it
Changeset

Drop CSP frame-ancestor: 'none' if other sources exist

If both 'none' and other values (e.g. 'self') are defined for the
frame-ancestor CSP directive, http_csp_value() now drops 'none', which
is the default set by MantisBT core, and can only exist by itself.

Fixes 0026093

mod - core/http_api.php Diff File