Remove X-Frame-Options in favor of CSP frame-ancestors Change-Id: I23a54a25cab8ec532618c82a403802ef2c9224b8

commit: aef5cf2d3f4f60b88adb24e20a909afe185aa507 [log] [tgz]
author: Akron <nils@diewald-online.de> Mon Jun 21 11:45:54 2021 +0200
committer: Akron <nils@diewald-online.de> Wed Jul 21 11:20:28 2021 +0200
tree: 75e3bdbddb670a7ac4796e5763b9203b4e82e516
parent: 780199efa58699d08b46c0930898a1501a66f076 [diff] [blame]
diff --git a/t/page.t b/t/page.t
index 9146c0f..0be13c8 100644
--- a/t/page.t
+++ b/t/page.t

@@ -29,11 +29,11 @@
   ->header_like('Content-Security-Policy', qr!media-src 'none';!)
   ->header_like('Content-Security-Policy', qr!object-src 'self';!)
   ->header_like('Content-Security-Policy', qr!nonce-!)
+  ->header_like('Content-Security-Policy', qr!frame-ancestors 'self';!)
   ->content_like(qr/<script nonce/)
   ->content_like(qr/document\.body\.classList\.remove\(\'no-js\'\);/)
   ->header_is('X-Content-Type-Options', 'nosniff')
   ->header_is('Access-Control-Allow-Methods','GET, POST, OPTIONS')
-  ->header_is('X-Frame-Options', 'sameorigin')
   ->header_is('X-XSS-Protection', '1; mode=block')
   ;
commit	aef5cf2d3f4f60b88adb24e20a909afe185aa507	[log] [tgz]
author	Akron <nils@diewald-online.de>	Mon Jun 21 11:45:54 2021 +0200
committer	Akron <nils@diewald-online.de>	Wed Jul 21 11:20:28 2021 +0200
tree	75e3bdbddb670a7ac4796e5763b9203b4e82e516
parent	780199efa58699d08b46c0930898a1501a66f076 [diff] [blame]