Question regarding "Content-Security-Policy"




First of all let me start by stating the fact that I am a bit noobish in servers and web services.

I have setup ownCloud both on a shared hosting and on a private server and what I would like is to add a iframe to the public download page.

I've editted ../apps/files_sharing/templates/public.php to add my iframe code for my facebook page, but it stays white and doesn't load.

Chrome console states the following:
Refused to frame '[FB LINK HERE]' because it violates the following Content Security Policy directive: "frame-src 'self'".


This is a description, was is the actual question?

More about CSP:
And you see perhaps the reason this is enabled in owncloud by default. You could just turn it off but that removes also the protection it provides. So you are looking in a special app/feature to allow the use of integrating owncloud as an iframe to external services?


Sorry, I thought that my question was implied.

I want to disable what is keeping me achieving what I want. I understand the security risks and I do not care. I just don't know how to disable it.

I want to put external content on the public download page as iframe. Embedding a youtube video for example or adding a facebook page.


You can search through the oC code for:


and remove that on your own risk.