diff options
author | Max Kostikov <max@kostikov.co> | 2021-03-03 20:01:39 +0000 |
---|---|---|
committer | Max Kostikov <max@kostikov.co> | 2021-03-03 20:01:39 +0000 |
commit | 7e36727ce62318315698930d5209650d323a78a9 (patch) | |
tree | f14c1476cbb346045d7711321d2f8fa41554e78e /boot.php | |
parent | 1d899d387e89b67245249204249052bf7b65f5c1 (diff) | |
download | volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.tar.gz volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.tar.bz2 volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.zip |
Fix frame-src CSP error on video embedding
Diffstat (limited to 'boot.php')
-rw-r--r-- | boot.php | 9 |
1 files changed, 5 insertions, 4 deletions
@@ -2419,10 +2419,11 @@ function construct_page() { header("Strict-Transport-Security: max-age=31536000"); if(App::$config['system']['content_security_policy']) { - $cspsettings = Array ( - 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"), - 'style-src' => Array ("'self'","'unsafe-inline'") - ); + $cspsettings = [ + 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], + 'style-src' => [ "'self'", "'unsafe-inline'" ], + 'frame-src' => [ "'self'" ] + ]; call_hooks('content_security_policy',$cspsettings); // Legitimate CSP directives (cxref: https://content-security-policy.com/) |