From 30fb0d01832fbe45dce74a24ab712e4ec4992c5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?=
Date: Mon, 19 Aug 2024 22:56:39 +0200
Subject: [PATCH] chore: Update Content-Security-Policy to include frame-ancestors 'none' for improved security

---
 server/src/uds/middleware/security.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/uds/middleware/security.py b/server/src/uds/middleware/security.py
index bf61eacea..1cde66487 100644
--- a/server/src/uds/middleware/security.py
+++ b/server/src/uds/middleware/security.py
@@ -93,7 +93,7 @@ def _process_response(
 response['X-XSS-Protection'] = '1; mode=block'
 # Add Content-Security-Policy, see https://www.owasp.org/index.php/Content_Security_Policy
 response['Content-Security-Policy'] = (
- "default-src 'self' 'unsafe-inline' 'unsafe-eval' uds: udss:; img-src 'self' https: data:;"
+ "default-src 'self' 'unsafe-inline' 'unsafe-eval' uds: udss:; img-src 'self' https: data:; frame-ancestors 'none';"
 )
 return response
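Review bot: The added `frame-ancestors 'none'` is undocumented in the hunk and it makes a deliberate product decision (no page served through this middleware may be embedded in any frame, including same-origin ones), so the comment above the header should say so; I would change it to `# Add Content-Security-Policy, see https://www.owasp.org/index.php/Content_Security_Policy` followed by `# frame-ancestors 'none': forbid framing by any origin (clickjacking defence); supersedes X-Frame-Options in CSP2-capable browsers`. If the middleware also sets `X-Frame-Options` elsewhere in `_process_response` (not visible here), the two should agree (`DENY`), since browsers without CSP2 support still fall back to the older header. Note that the rest of the policy still carries `'unsafe-inline' 'unsafe-eval'` in `default-src`, so this change hardens against framing only and does not improve the policy's script-injection posture; a nonce- or hash-based `script-src` would be the follow-up. The enclosing `_process_response` starts outside the hunk.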