From: Felix Dörre <felix@dogcraft.de>
Date: Wed, 2 Jul 2014 07:14:42 +0000 (+0200)
Subject: Ensure that inline-js doest come back.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=92de4dd4da75415536fd5a02d947069e088894bd;hp=6e3b762716ac057051b2d4799102d492a8956fdf

Ensure that inline-js doest come back.
---

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index 445fe365..cef18349 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -149,8 +149,9 @@ public class Gigi extends HttpServlet {
 		hsr.addHeader("Access-Control-Allow-Origin",
 				"http://cacert.org https://localhost");
 		hsr.addHeader("Access-Control-Max-Age", "60");
-		// hsr.addHeader("Content-Security-Policy",
-		// "default-src 'self'; report-uri https://felix.dogcraft.de/report.php");
+		hsr.addHeader("Content-Security-Policy",
+				"default-src 'self' https://www.cacert.org/*;frame-ancestors 'none'");
+		// ;report-uri https://felix.dogcraft.de/report.php
 
 	}
 }