From: Tom Hughes <tom@compton.nu>
Date: Thu, 9 Apr 2020 17:42:17 +0000 (+0100)
Subject: Add blob to frame-src in CSP for iD
X-Git-Tag: live~2195
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/66ec3cd845c1c8770e97af810b74a5a1a3954a98?ds=sidebyside

Add blob to frame-src in CSP for iD

Fixes #2582
Closes #2583
---

diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index 1fc916e7f..52fea6133 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -75,6 +75,10 @@ class SiteController < ApplicationController
         :plugin_types => %w[application/x-shockwave-flash],
         :script_src => %w['unsafe-inline']
       )
+    elsif %w[id].include?(editor)
+      append_content_security_policy_directives(
+        :frame_src => %w[blob:]
+      )
     end
 
     begin