From 92de4dd4da75415536fd5a02d947069e088894bd Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Wed, 2 Jul 2014 09:14:42 +0200
Subject: [PATCH] Ensure that inline-js doest come back.
---
 src/org/cacert/gigi/Gigi.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index 445fe365..cef18349 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -149,8 +149,9 @@ public class Gigi extends HttpServlet {
 hsr.addHeader("Access-Control-Allow-Origin", "http://cacert.org https://localhost");
 hsr.addHeader("Access-Control-Max-Age", "60");
- // hsr.addHeader("Content-Security-Policy",
- // "default-src 'self'; report-uri https://felix.dogcraft.de/report.php");
+ hsr.addHeader("Content-Security-Policy",
+ "default-src 'self' https://www.cacert.org/*;frame-ancestors 'none'");
+ // ;report-uri https://felix.dogcraft.de/report.php
 }
 }
--
2.39.2
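Review bot: The source expression `https://www.cacert.org/*` in the new `default-src` is not a CSP wildcard: `*` is only special as the leftmost host label or as the port, and a path is matched literally (prefix-matched only when it ends in `/`), so this entry most likely permits nothing from www.cacert.org. If the intent is to allow that whole origin, the second added line should read `"default-src 'self' https://www.cacert.org;frame-ancestors 'none'");`. With `report-uri` left commented out, the enforcing policy has no violation reporting, so a blocked inline script shows up only as silent breakage; a first-party report endpoint would make regressions visible in logs. The enclosing method starts above the hunk, so whether another code path also adds a `Content-Security-Policy` header (`addHeader` appends rather than replaces) cannot be confirmed from here.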