Add CSP frame-ancestors for #537

the-djmaze · Feb 21, 2023 · 66fafd3 · 66fafd3
1 parent 2daa4f9
commit 66fafd3
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php b/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php
@@ -19,6 +19,7 @@ class CSP
 		$img     = ["'self'", 'data:'],
 		$style   = ["'self'", "'unsafe-inline'"],
 		$frame   = [],
+		$frame_ancestors = [],
 
 		$report = false,
 		$report_to = [],
@@ -29,7 +30,7 @@ function __construct(string $default = '')
 		if ($default) {
 			foreach (\explode(';', $default) as $directive) {
 				$values = \explode(' ', $directive);
-				$name = \preg_replace('/-.+/', '', \trim(\array_shift($values)));
+				$name = \str_replace('-', '_', \preg_replace('/-(src)$/D', '', \trim(\array_shift($values))));
 				$this->$name = \array_unique(\array_merge($this->$name, $values));
 			}
 		}
@@ -53,6 +54,9 @@ function __toString() : string
 		if ($this->frame) {
 			$params[] = 'frame-src ' . \implode(' ', \array_unique($this->frame));
 		}
+		if ($this->frame_ancestors) {
+			$params[] = 'frame-ancestors ' . \implode(' ', \array_unique($this->frame_ancestors));
+		}
 
 		// Deprecated
 		if ($this->report) {