X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FGigi.java;h=fa259c96c77cbf99835c8df72e374c863935bd3e;hp=cef183495315a748cff19d96c8433d99679cb6ef;hb=d690eda36eba121aa79e4f456d5f0eb481be8b86;hpb=474942bce8bf8f8e4d777c93b332bc64fc724824

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index cef18349..fa259c96 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -28,6 +28,7 @@ import org.cacert.gigi.pages.account.MailOverview;
 import org.cacert.gigi.pages.account.MyDetails;
 import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.pages.wot.AssurePage;
+import org.cacert.gigi.util.ServerConstants;
 import org.eclipse.jetty.util.log.Log;
 
 public class Gigi extends HttpServlet {
@@ -149,8 +150,9 @@ public class Gigi extends HttpServlet {
 		hsr.addHeader("Access-Control-Allow-Origin",
 				"http://cacert.org https://localhost");
 		hsr.addHeader("Access-Control-Max-Age", "60");
-		hsr.addHeader("Content-Security-Policy",
-				"default-src 'self' https://www.cacert.org/*;frame-ancestors 'none'");
+		hsr.addHeader("Content-Security-Policy", "default-src 'self' https://"
+				+ ServerConstants.getStaticHostNamePort()
+				+ " https://www.cacert.org/*;frame-ancestors 'none'");
 		// ;report-uri https://felix.dogcraft.de/report.php
 
 	}