Restrict inline JavaScript

2022-03-11 19:35:30 +01:00 · 2022-03-11 19:35:30 +01:00 · dc27157a46
commit dc27157a46
parent 5b847e1ce9
1 changed files with 1 additions and 1 deletions
--- a/photo21/templates/base.html
+++ b/photo21/templates/base.html
@ -10,7 +10,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-ancestors 'none'">
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'">
    <meta http-equiv="Referrer-Policy" content="no-referrer">
    <title>{% block title %}{{ title }}{% endblock title %} - {{ request.site.name }}</title>
    <meta name="description" content="{% trans "The ENS Paris-Saclay pictures server." %}">