the-djmaze/snappymail
1
1
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2024-12-26 09:03:48 +08:00
Code Issues Projects Releases Packages Wiki Activity

Add CSP frame-ancestors for #537

Browse source
This commit is contained in:
the-djmaze 2023-02-21 17:23:26 +01:00
parent 2daa4f97e2
commit 66fafd3981
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php
View file

@ -19,6 +19,7 @@ class CSP
$img = ["'self'", 'data:'], $img = ["'self'", 'data:'],
$style = ["'self'", "'unsafe-inline'"], $style = ["'self'", "'unsafe-inline'"],
$frame = [], $frame = [],
$frame_ancestors = [],
$report = false, $report = false,
$report_to = [], $report_to = [],
@ -29,7 +30,7 @@ class CSP
if ($default) { if ($default) {
foreach (\explode(';', $default) as $directive) { foreach (\explode(';', $default) as $directive) {
$values = \explode(' ', $directive); $values = \explode(' ', $directive);
$name = \preg_replace('/-.+/', '', \trim(\array_shift($values))); $name = \str_replace('-', '_', \preg_replace('/-(src)$/D', '', \trim(\array_shift($values))));
$this->$name = \array_unique(\array_merge($this->$name, $values)); $this->$name = \array_unique(\array_merge($this->$name, $values));
} }
} }
@ -53,6 +54,9 @@ class CSP
if ($this->frame) { if ($this->frame) {
$params[] = 'frame-src ' . \implode(' ', \array_unique($this->frame)); $params[] = 'frame-src ' . \implode(' ', \array_unique($this->frame));
} }
if ($this->frame_ancestors) {
$params[] = 'frame-ancestors ' . \implode(' ', \array_unique($this->frame_ancestors));
}
// Deprecated // Deprecated
if ($this->report) { if ($this->report) {