From dcd1d1cbd41c1121b2b834b70262e29c4b136c72 Mon Sep 17 00:00:00 2001
From: the-djmaze <>
Date: Tue, 17 Jan 2023 15:49:35 +0100
Subject: [PATCH] Resolve unknown CSP directive 'strict-dynamic' in Safari 13.1.2
---
 snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php b/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php
index 437dca7ce..1e9761635 100644
--- a/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php
+++ b/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php
@@ -10,9 +10,11 @@ class CSP
 public
 $base = ["'self'"],
 $default = ["'self'"],
- // Knockout.js requires unsafe-inline?
 // Knockout.js requires eval() for observable binding purposes
- $script = ["'strict-dynamic'", "'unsafe-eval'"],
+ // Safari < 15.4 does not support strict-dynamic
+// $script = ["'strict-dynamic'", "'unsafe-eval'"],
+ $script = ["'self'", "'unsafe-eval'"],
+ // Knockout.js requires unsafe-inline?
 // $script = ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
 $img = ["'self'", 'data:'],
 $style = ["'self'", "'unsafe-inline'"],
@@ -28,7 +30,7 @@ class CSP
 foreach (\explode(';', $default) as $directive) {
 $values = \explode(' ', $directive);
 $name = \preg_replace('/-.+/', '', \trim(\array_shift($values)));
- $this->$name = $values;
+ $this->$name = \array_unique(\array_merge($this->$name, $values));
 }
 }
 }
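Review bot: In the first hunk (`@@ -10,9 +10,11 @@`) the new `$script` default drops `'strict-dynamic'` for every browser, not only for Safari < 15.4 as the added comment suggests. Browsers that implement `'strict-dynamic'` ignore `'self'` and host sources when it is present, so `$script = ["'self'", "'strict-dynamic'", "'unsafe-eval'"],` would give older Safari the `'self'` fallback while newer browsers keep the stricter behaviour. This assumes a nonce or hash is added to the directive elsewhere, which the hunk does not show, and older Safari may still log the unknown keyword. If the downgrade for all browsers is intended, say so in the comment, e.g. `// 'self' for all browsers: Safari < 15.4 does not support strict-dynamic`, and drop the two commented-out `$script` lines. The property list begins and ends outside the hunk.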
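Review bot: In the second hunk (`@@ -28,7 +30,7 @@`) the new assignment reads `$this->$name` before writing it, so a directive in `$default` whose prefix does not match a declared array property now passes null to `\array_merge()`, which throws a TypeError on PHP 8 where the old plain assignment did not. A guard before the merge, such as `if (!\is_array($this->$name ?? null)) { continue; }`, keeps an unknown or empty directive name from breaking header generation. Merging also makes the configured policy additive only: a value like `'none'` ends up beside `'self'`, where browsers ignore it, so the setting can no longer tighten a directive. That behaviour deserves a comment above the loop. The enclosing method starts outside the hunk.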