From bf755abbf495e27d3831cada7db3e5022865ba2d Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Thu, 26 Sep 2013 11:55:54 +0100
Subject: [PATCH] Set a policy of allowing scripts on same domain

Chrome now has tighter rules via security auditorm this line needed to allow x-frame script use
---
 lib/settings.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/settings.php b/lib/settings.php
index a4e4c2a..364aa44 100644
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -15,6 +15,10 @@ $context = stream_context_create(array('http'=>
 )
 ));
+// Set a policy of allowing scripts on the same domain
+//header("X-XSS-Protection: 0");
+header("X-Content-Security-Policy: allow 'self'");
+
 // Start a session if we haven't already
 if(!isset($_SESSION)) {@session_start();}
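Review bot: The added `header("X-Content-Security-Policy: allow 'self'");` uses the pre-standard Firefox/IE10 header name and the long-obsolete `allow` directive, and Chrome never honoured that header (it recognised `X-WebKit-CSP` and then only the standard `Content-Security-Policy`), so on the browser this commit says it targets the line sets no policy at all. The standard equivalent is `header("Content-Security-Policy: default-src 'self'");`, but note that it blocks inline script and `eval` unless `'unsafe-inline'`/`'unsafe-eval'` are added, so it needs testing against the pages this file serves before being relied on. If the actual goal is to stop Chrome's XSS auditor from blocking same-origin script, that is what the commented-out `//header("X-XSS-Protection: 0");` line would do; it should either be enabled with a comment stating why the auditor is being disabled, or deleted rather than left as dead code. `header()` only takes effect before any output is sent, which presumably holds here since the following `session_start()` has the same requirement, but the lines above this hunk are not visible. These lines are top-level script code, not inside a function.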