aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-03-04 08:05:27 +0000
committerMario <mario@mariovavti.com>2021-03-04 08:05:27 +0000
commitcb0199603908e617e10a4d8ba8ec569a59178e6b (patch)
treecfef778de2d1464eb212d5e28e4720bd3ad9f49b
parentc2dc3e8dec7acf1f1750f7379e641ae8c7a2ed81 (diff)
parent33b738d00bf4f50cc7b4fd94ab102e721e60b0a8 (diff)
downloadvolse-hubzilla-cb0199603908e617e10a4d8ba8ec569a59178e6b.tar.gz
volse-hubzilla-cb0199603908e617e10a4d8ba8ec569a59178e6b.tar.bz2
volse-hubzilla-cb0199603908e617e10a4d8ba8ec569a59178e6b.zip
Merge branch 'dev' into 'dev'
Fix frame-src CSP error on video embedding See merge request hubzilla/core!1918
-rw-r--r--boot.php11
1 files changed, 6 insertions, 5 deletions
diff --git a/boot.php b/boot.php
index ccf1c9d72..2df98a19d 100644
--- a/boot.php
+++ b/boot.php
@@ -2422,11 +2422,12 @@ function construct_page() {
if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header'])
header("Strict-Transport-Security: max-age=31536000");
- if(isset(App::$config['system']['content_security_policy'])) {
- $cspsettings = Array (
- 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
- 'style-src' => Array ("'self'","'unsafe-inline'")
- );
+ if(App::$config['system']['content_security_policy']) {
+ $cspsettings = [
+ 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ],
+ 'style-src' => [ "'self'", "'unsafe-inline'" ],
+ 'frame-src' => [ "'self'" ]
+ ];
call_hooks('content_security_policy',$cspsettings);
// Legitimate CSP directives (cxref: https://content-security-policy.com/)