diff options
| author | Mario <mario@mariovavti.com> | 2021-03-04 08:05:27 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2021-03-04 08:05:27 +0000 |
| commit | cb0199603908e617e10a4d8ba8ec569a59178e6b (patch) | |
| tree | cfef778de2d1464eb212d5e28e4720bd3ad9f49b | |
| parent | c2dc3e8dec7acf1f1750f7379e641ae8c7a2ed81 (diff) | |
| parent | 33b738d00bf4f50cc7b4fd94ab102e721e60b0a8 (diff) | |
| download | volse-hubzilla-cb0199603908e617e10a4d8ba8ec569a59178e6b.tar.gz volse-hubzilla-cb0199603908e617e10a4d8ba8ec569a59178e6b.tar.bz2 volse-hubzilla-cb0199603908e617e10a4d8ba8ec569a59178e6b.zip | |
Merge branch 'dev' into 'dev'
Fix frame-src CSP error on video embedding
See merge request hubzilla/core!1918
| -rw-r--r-- | boot.php | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -2422,11 +2422,12 @@ function construct_page() { if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) header("Strict-Transport-Security: max-age=31536000"); - if(isset(App::$config['system']['content_security_policy'])) { - $cspsettings = Array ( - 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"), - 'style-src' => Array ("'self'","'unsafe-inline'") - ); + if(App::$config['system']['content_security_policy']) { + $cspsettings = [ + 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], + 'style-src' => [ "'self'", "'unsafe-inline'" ], + 'frame-src' => [ "'self'" ] + ]; call_hooks('content_security_policy',$cspsettings); // Legitimate CSP directives (cxref: https://content-security-policy.com/) |