From 66fafd39811debf6859bdeb291cf995dd34eda8f Mon Sep 17 00:00:00 2001
From: the-djmaze <>
Date: Tue, 21 Feb 2023 17:23:26 +0100
Subject: [PATCH] Add CSP frame-ancestors for #537
---
 snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php b/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php
index 9b4542d44..a9d29d6c0 100644
--- a/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php
+++ b/snappymail/v/0.0.0/app/libraries/snappymail/http/csp.php
@@ -19,6 +19,7 @@ class CSP
 $img = ["'self'", 'data:'],
 $style = ["'self'", "'unsafe-inline'"],
 $frame = [],
+ $frame_ancestors = [],
 $report = false,
 $report_to = [],
@@ -29,7 +30,7 @@ class CSP
 if ($default) {
 foreach (\explode(';', $default) as $directive) {
 $values = \explode(' ', $directive);
- $name = \preg_replace('/-.+/', '', \trim(\array_shift($values)));
+ $name = \str_replace('-', '_', \preg_replace('/-(src)$/D', '', \trim(\array_shift($values))));
 $this->$name = \array_unique(\array_merge($this->$name, $values));
 }
 }
@@ -53,6 +54,9 @@ class CSP
 if ($this->frame) {
 $params[] = 'frame-src ' . \implode(' ', \array_unique($this->frame));
 }
+ if ($this->frame_ancestors) {
+ $params[] = 'frame-ancestors ' . \implode(' ', \array_unique($this->frame_ancestors));
+ }
 // Deprecated
 if ($this->report) {
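Review bot: In the `@@ -29,7 +30,7 @@` hunk the directive name parsed from `$default` is still used directly as a property name in `$this->$name`, with no check that it maps to a declared array property. With the narrower pattern `/-(src)$/D`, a name such as `report-uri` or `script-src-elem` now becomes `report_uri` or `script_src_elem` instead of collapsing to `report` or `script`, so unless the class declares those (its full property list is outside the hunk) `\array_merge()` is handed a non-array. Because `\trim()` runs after `\array_shift()`, a directive that follows `;` with a space also yields an empty name. I would trim `$directive` before splitting it and skip unknown names, e.g. `if (!\property_exists($this, $name) || !\is_array($this->$name)) { continue; }`. The enclosing method starts and ends outside the hunk.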
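Review bot: In the `@@ -53,6 +54,9 @@` hunk `frame-ancestors` is emitted only when `$this->frame_ancestors` is non-empty, and the first hunk defaults the property to `[]`, so an unconfigured install sends no `frame-ancestors` at all. This directive does not fall back to `default-src`, so in that case the CSP places no limit on which sites may frame the page. If framing is restricted elsewhere (for example by an `X-Frame-Options` header, which is not visible in this diff), a comment above the new block should say so, e.g. `// frame-ancestors has no default-src fallback: empty means CSP does not restrict framing`. The same comment could record that configured values are expected to be explicit origins, `'self'` or `'none'`, since nothing here validates them.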