From 9a7d3634d5efb5bddfc7065f971eae467370813f Mon Sep 17 00:00:00 2001
From: dheimerl <34488243+dheimerl@users.noreply.github.com>
Date: Tue, 18 Dec 2018 10:19:35 -0600
Subject: [PATCH] Changed frame-ancestors to use 'self'

---
 src/api/web.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/web.rs b/src/api/web.rs
index 31bfe3a0..bcf41bd7 100644
--- a/src/api/web.rs
+++ b/src/api/web.rs
@@ -56,7 +56,7 @@ impl<'r, R: Responder<'r>> Responder<'r> for WebHeaders<R> {
                 res.set_raw_header("X-Frame-Options", "SAMEORIGIN");
                 res.set_raw_header("X-Content-Type-Options", "nosniff");
                 res.set_raw_header("X-XSS-Protection", "1; mode=block");
-                let csp = "frame-ancestors chrome-extension://nngceckbapebfimnlniiiahkandclblb moz-extension://* ".to_owned() + &CONFIG.domain + ";";
+                let csp = "frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb moz-extension://*;";
                 res.set_raw_header("Content-Security-Policy", csp);
 
                 Ok(res)