1
0
Fork 0

Remove child-src CSP policy (deprecated)

This commit is contained in:
Savely Krasovsky 2020-04-01 05:50:25 +03:00 committed by GitHub
parent 9698c5e40a
commit 454eb590ce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions

View file

@ -96,7 +96,7 @@ func (b *Builder) writeHeaders() {
b.headers["X-XSS-Protection"] = "1; mode=block" b.headers["X-XSS-Protection"] = "1; mode=block"
b.headers["X-Content-Type-Options"] = "nosniff" b.headers["X-Content-Type-Options"] = "nosniff"
b.headers["X-Frame-Options"] = "DENY" b.headers["X-Frame-Options"] = "DENY"
b.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; media-src *; frame-src *; child-src *" b.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; media-src *; frame-src *"
for key, value := range b.headers { for key, value := range b.headers {
b.w.Header().Set(key, value) b.w.Header().Set(key, value)

View file

@ -32,7 +32,7 @@ func TestResponseHasCommonHeaders(t *testing.T) {
"X-XSS-Protection": "1; mode=block", "X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff", "X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY", "X-Frame-Options": "DENY",
"Content-Security-Policy": "default-src 'self'; img-src *; media-src *; frame-src *; child-src *", "Content-Security-Policy": "default-src 'self'; img-src *; media-src *; frame-src *",
} }
for header, expected := range headers { for header, expected := range headers {