From 33b738d00bf4f50cc7b4fd94ab102e721e60b0a8 Mon Sep 17 00:00:00 2001
From: Max Kostikov
Date: Thu, 4 Mar 2021 08:05:26 +0000
Subject: Fix frame-src CSP error on video embedding
---
 boot.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'boot.php')
diff --git a/boot.php b/boot.php
index ccf1c9d72..2df98a19d 100644
--- boot.php
+++ b/boot.php
@@ -2422,11 +2422,12 @@ function construct_page() {
 if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) header("Strict-Transport-Security: max-age=31536000");
- if(isset(App::$config['system']['content_security_policy'])) {
- $cspsettings = Array (
- 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
- 'style-src' => Array ("'self'","'unsafe-inline'")
- );
+ if(App::$config['system']['content_security_policy']) {
+ $cspsettings = [
+ 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ],
+ 'style-src' => [ "'self'", "'unsafe-inline'" ],
+ 'frame-src' => [ "'self'" ]
+ ];
 call_hooks('content_security_policy',$cspsettings); // Legitimate CSP directives (cxref: https://content-security-policy.com/)
-- cgit v1.2.3
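Review bot: Dropping `isset()` in the new `if(App::$config['system']['content_security_policy'])` test means an installation that never set this key now reads an undefined array index, which raises a notice (a warning on PHP 8) on every page build; `if(! empty(App::$config['system']['content_security_policy'])) {` keeps the new off-when-falsy behaviour without it. If errors are displayed, that output could precede the `header()` calls in this function and stop the security headers from being sent, so the guard matters for more than log noise. Separately, the new `'frame-src' => [ "'self'" ]` default only permits same-origin frames, so third-party video embeds presumably rely on a `content_security_policy` hook handler appending their hosts; a short comment saying so next to the entry would help. `construct_page()` begins and ends outside this hunk.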