From ffa09f900b11a6b6c45774892c1856fa178fcd0d Mon Sep 17 00:00:00 2001 From: yuri Date: Thu, 28 Sep 2023 04:58:38 +0200 Subject: [PATCH] Change Content-Security-Policy "frame-ancestors" from "none" to "self" Fixes downloads in element-web --- config/hosts/web-public-2/virtualHosts/element.nekover.se.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix index 8e9b555..47c2735 100644 --- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix @@ -72,7 +72,7 @@ in add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; - add_header Content-Security-Policy "frame-ancestors 'none'"; + add_header Content-Security-Policy "frame-ancestors 'self'"; add_header Strict-Transport-Security "max-age=63072000" always;