Fix frame-src CSP error on video embedding

author: Max Kostikov <max@kostikov.co> 2021-03-03 20:01:39 +0000
committer: Max Kostikov <max@kostikov.co> 2021-03-03 20:01:39 +0000
commit: 7e36727ce62318315698930d5209650d323a78a9 (patch)
tree: f14c1476cbb346045d7711321d2f8fa41554e78e /boot.php
parent: 1d899d387e89b67245249204249052bf7b65f5c1 (diff)
download: volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.tar.gz
volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.tar.bz2
volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.zip
1 files changed, 5 insertions, 4 deletions
diff --git a/boot.php b/boot.php
index 4c3e4c00b..38269ddb6 100644
--- a/boot.php
+++ b/boot.php
@@ -2419,10 +2419,11 @@ function construct_page() {
 		header("Strict-Transport-Security: max-age=31536000");
 
 	if(App::$config['system']['content_security_policy']) {
-		$cspsettings = Array (
-			'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
-			'style-src' => Array ("'self'","'unsafe-inline'")
-		);
+		$cspsettings = [
+			'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ],
+			'style-src'  => [ "'self'", "'unsafe-inline'" ],
+			'frame-src'  => [ "'self'" ]
+		];
 		call_hooks('content_security_policy',$cspsettings);
 
 		// Legitimate CSP directives (cxref: https://content-security-policy.com/)
author	Max Kostikov <max@kostikov.co>	2021-03-03 20:01:39 +0000
committer	Max Kostikov <max@kostikov.co>	2021-03-03 20:01:39 +0000
commit	7e36727ce62318315698930d5209650d323a78a9 (patch)
tree	f14c1476cbb346045d7711321d2f8fa41554e78e /boot.php
parent	1d899d387e89b67245249204249052bf7b65f5c1 (diff)
download	volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.tar.gz volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.tar.bz2 volse-hubzilla-7e36727ce62318315698930d5209650d323a78a9.zip