Ammend CSP (#1138)

_example/etc/manager-apache2.4.conf

@@ -41,7 +41,7 @@
         SetHandler fcgid-script
         Options +ExecCGI
         <IfModule mod_headers.c>
-            header set Content-Security-Policy "default-src 'self';"
+            header set Content-Security-Policy "default-src 'self';frame-ancessor 'none':form-action 'self';"
             header set X-Content-Type-Options nosniff
             header set X-Frame-Options DENY
             header set X-XSS-Protection "1; mode=block"

_example/etc/manager-apache2.X.conf

@@ -41,7 +41,7 @@
         SetHandler fcgid-script
         Options +ExecCGI
         <IfModule mod_headers.c>
-            header set Content-Security-Policy "default-src 'self';"
+            header set Content-Security-Policy "default-src 'self';frame-ancessor 'none':form-action 'self';"
             header set X-Content-Type-Options nosniff
             header set X-Frame-Options DENY
             header set X-XSS-Protection "1; mode=block"

_example/etc/manager-apache2.conf

@@ -41,7 +41,7 @@
         SetHandler fcgid-script
         Options +ExecCGI
         <IfModule mod_headers.c>
-            header set Content-Security-Policy "default-src 'self';"
+            header set Content-Security-Policy "default-src 'self';frame-ancessor 'none':form-action 'self';"
             header set X-Content-Type-Options nosniff
             header set X-Frame-Options DENY
             header set X-XSS-Protection "1; mode=block"

_example/etc/manager-nginx.conf

@@ -16,7 +16,7 @@ server {
     fastcgi_param PATH_INFO  $fastcgi_path_info;
     add_header X-Content-Type-Options nosniff;
     add_header X-XSS-Protection "1; mode=block";
-    add_header Content-Security-Policy "default-src 'self';";
+    add_header Content-Security-Policy "default-src 'self';frame-ancessor 'none':form-action 'self';";
     add_header X-Frame-Options DENY;
     # Uncomment this if you use https only
     #add_header Strict-Transport-Security "15768000";