diff options
author | Max Kostikov <max@kostikov.co> | 2021-03-04 08:05:26 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-03-04 08:05:26 +0000 |
commit | 33b738d00bf4f50cc7b4fd94ab102e721e60b0a8 (patch) | |
tree | cfef778de2d1464eb212d5e28e4720bd3ad9f49b /boot.php | |
parent | c2dc3e8dec7acf1f1750f7379e641ae8c7a2ed81 (diff) | |
download | volse-hubzilla-33b738d00bf4f50cc7b4fd94ab102e721e60b0a8.tar.gz volse-hubzilla-33b738d00bf4f50cc7b4fd94ab102e721e60b0a8.tar.bz2 volse-hubzilla-33b738d00bf4f50cc7b4fd94ab102e721e60b0a8.zip |
Fix frame-src CSP error on video embedding
Diffstat (limited to 'boot.php')
-rw-r--r-- | boot.php | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -2422,11 +2422,12 @@ function construct_page() { if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) header("Strict-Transport-Security: max-age=31536000"); - if(isset(App::$config['system']['content_security_policy'])) { - $cspsettings = Array ( - 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"), - 'style-src' => Array ("'self'","'unsafe-inline'") - ); + if(App::$config['system']['content_security_policy']) { + $cspsettings = [ + 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], + 'style-src' => [ "'self'", "'unsafe-inline'" ], + 'frame-src' => [ "'self'" ] + ]; call_hooks('content_security_policy',$cspsettings); // Legitimate CSP directives (cxref: https://content-security-policy.com/) |