From 454eb590cef6aa15f2abf01157a6c07f54df0c94 Mon Sep 17 00:00:00 2001
From: Savely Krasovsky
Date: Wed, 1 Apr 2020 05:50:25 +0300
Subject: [PATCH] Remove child-src CSP policy (deprecated)
---
 http/response/builder.go | 2 +-
 http/response/builder_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/http/response/builder.go b/http/response/builder.go
index b8ba1efa..cff217e7 100644
--- a/http/response/builder.go
+++ b/http/response/builder.go
@@ -96,7 +96,7 @@ func (b *Builder) writeHeaders() {
 b.headers["X-XSS-Protection"] = "1; mode=block"
 b.headers["X-Content-Type-Options"] = "nosniff"
 b.headers["X-Frame-Options"] = "DENY"
- b.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; media-src *; frame-src *; child-src *"
+ b.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; media-src *; frame-src *"
 for key, value := range b.headers {
 b.w.Header().Set(key, value)
diff --git a/http/response/builder_test.go b/http/response/builder_test.go
index f4fef470..d2438a01 100644
--- a/http/response/builder_test.go
+++ b/http/response/builder_test.go
@@ -32,7 +32,7 @@ func TestResponseHasCommonHeaders(t *testing.T) {
 "X-XSS-Protection": "1; mode=block",
 "X-Content-Type-Options": "nosniff",
 "X-Frame-Options": "DENY",
- "Content-Security-Policy": "default-src 'self'; img-src *; media-src *; frame-src *; child-src *",
+ "Content-Security-Policy": "default-src 'self'; img-src *; media-src *; frame-src *",
 }
 for header, expected := range headers {
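Review bot: Dropping `child-src *` in writeHeaders (http/response/builder.go) also changes the worker policy, which neither the commit message nor the code records. In browsers that follow the CSP Level 3 fallback chain, `child-src` backs `worker-src` as well as `frame-src`, so workers now fall back to `default-src 'self'` while frames stay open through `frame-src *`. That is a tightening and probably intended, but it deserves a comment on the header line, e.g. `// frame-src governs embedded frames; workers fall back to default-src 'self' (no child-src/worker-src).` Since the policy string is being edited anyway, consider appending `frame-ancestors 'none'` as the CSP counterpart of the `X-Frame-Options: DENY` set just above, because `default-src` does not restrict who may frame the page. The body of writeHeaders continues past the end of the hunk, and the expected value in builder_test.go would need the same update.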