Do not escape as html

2019-10-14 16:03:57 -07:00
parent 7115498f32
commit 9997cbddb8
1 changed files with 1 additions and 1 deletions
@@ -99,7 +99,7 @@ server {
    add_header Content-Security-Policy "default-src 'none'; frame-src 'self' cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
 <% } else { %>
    <% if (frameAncestorsQuoted) { %>
-    add_header Content-Security-Policy "Frame-ancestors  <%= frameAncestorsQuoted %>";
+    add_header Content-Security-Policy "Frame-ancestors  <%- frameAncestorsQuoted %>";
    <% } else { %>
    add_header Content-Security-Policy "Frame-ancestors 'self'";
    <% } %>