Adjust security headers to allow pdf rendering

2025-10-26 08:06:09 +01:00 · 2024-03-04 14:50:39 +01:00
parent 98a6fd185e
commit 1ab5c3fe80
1 changed files with 2 additions and 2 deletions
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
@@ -42,8 +42,8 @@ public class SecurityHeadersFilter extends HttpFilter {
    response.setHeader("X-Content-Type-Options", "nosniff");
    response.setHeader("Content-Security-Policy",
        "form-action 'self'; " +
-        "object-src 'none'; " +
-        "frame-ancestors 'none'; " +
+        "object-src 'self'; " +
+        "frame-ancestors 'self'; " +
        "block-all-mixed-content"
    );
    response.setHeader("Permissions-Policy",