From 33b738d00bf4f50cc7b4fd94ab102e721e60b0a8 Mon Sep 17 00:00:00 2001
From: Max Kostikov <max@kostikov.co>
Date: Thu, 4 Mar 2021 08:05:26 +0000
Subject: Fix frame-src CSP error on video embedding

---
 boot.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/boot.php b/boot.php
index ccf1c9d72..2df98a19d 100644
--- a/boot.php
+++ b/boot.php
@@ -2422,11 +2422,12 @@ function construct_page() {
 	if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header'])
 		header("Strict-Transport-Security: max-age=31536000");
 
-	if(isset(App::$config['system']['content_security_policy'])) {
-		$cspsettings = Array (
-			'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
-			'style-src' => Array ("'self'","'unsafe-inline'")
-		);
+	if(App::$config['system']['content_security_policy']) {
+		$cspsettings = [
+			'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ],
+			'style-src'  => [ "'self'", "'unsafe-inline'" ],
+			'frame-src'  => [ "'self'" ]
+		];
 		call_hooks('content_security_policy',$cspsettings);
 
 		// Legitimate CSP directives (cxref: https://content-security-policy.com/)
-- 
cgit v1.2.3