Set a policy of allowing scripts on same domain

Chrome now has tighter rules via security auditorm this line needed to allow x-frame script use
2026-03-03 07:13:59 +01:00 · 2013-09-26 11:55:54 +01:00
parent ebc2764aab
commit bf755abbf4
1 changed files with 4 additions and 0 deletions
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -15,6 +15,10 @@ $context = stream_context_create(array('http'=>
 	)
 ));

+// Set a policy of allowing scripts on the same domain
+//header("X-XSS-Protection: 0");
+header("X-Content-Security-Policy: allow 'self'");
+
 // Start a session if we haven't already
 if(!isset($_SESSION)) {@session_start();}