From 2508e550fcffc58e05a5f3482ad29d8cbc9577a6 Mon Sep 17 00:00:00 2001
From: Jan Holesovsky <kendy@collabora.com>
Date: Tue, 12 Apr 2016 20:17:00 +0200
Subject: [PATCH] Content Security Policy: frame-src is deprecated, use
 child-src instead.

---
 controller/documentcontroller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controller/documentcontroller.php b/controller/documentcontroller.php
index 980b73bf..50eaf1ed 100644
--- a/controller/documentcontroller.php
+++ b/controller/documentcontroller.php
@@ -172,7 +172,7 @@ class DocumentController extends Controller {
 
 		$policy = new ContentSecurityPolicy();
 		$policy->addAllowedScriptDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $wopiRemote);
-		$policy->addAllowedFrameDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $wopiRemote);
+		$policy->addAllowedChildSrcDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $wopiRemote);
 		$policy->addAllowedConnectDomain($webSocket);
 		$policy->addAllowedImageDomain('*');
 		$policy->allowInlineScript(true);