Software /
code /
prosody
Changeset
11611:a6d1131ac833
mod_http_file_share: Update comment about x-frame-options
X-Frame-Options was replaced by the Content-Security-Policy
'frame-ancestors' directive, but Internet Explorer does not support that
part of CSP.
Since it's just one line it doesn't hurt to keep until some future
spring cleaning event :)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 20 Jun 2021 16:30:24 +0200 |
parents | 11610:d221d764741a |
children | 11612:bc43731b275a |
files | plugins/mod_http_file_share.lua |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_http_file_share.lua Sat Jun 19 13:25:48 2021 +0200 +++ b/plugins/mod_http_file_share.lua Sun Jun 20 16:30:24 2021 +0200 @@ -404,7 +404,7 @@ response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';" response.headers.strict_transport_security = "max-age=31556952"; response.headers.x_content_type_options = "nosniff"; - response.headers.x_frame_options = "DENY"; -- replaced by frame-ancestors in CSP? + response.headers.x_frame_options = "DENY"; -- COMPAT IE missing support for CSP frame-ancestors response.headers.x_xss_protection = "1; mode=block"; return response:send_file(handle);