From 66ec3cd845c1c8770e97af810b74a5a1a3954a98 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Thu, 9 Apr 2020 18:42:17 +0100
Subject: [PATCH] Add blob to frame-src in CSP for iD
Fixes #2582
Closes #2583
---
 app/controllers/site_controller.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index 1fc916e7f..52fea6133 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -75,6 +75,10 @@ class SiteController < ApplicationController
 :plugin_types => %w[application/x-shockwave-flash],
 :script_src => %w['unsafe-inline']
 )
+ elsif %w[id].include?(editor)
+ append_content_security_policy_directives(
+ :frame_src => %w[blob:]
+ )
 end
 begin
--
2.43.2
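Review bot: The new `elsif %w[id].include?(editor)` branch relaxes `frame-src` with the scheme-wide `blob:` source but carries no comment saying why iD needs it. `blob:` matches every blob URL created by script on the page, not one specific resource, so a later CSP tightening has nothing in the code to explain the exception. I would put `# iD needs blob: in frame-src (#2582); keep this scoped to the iD editor only` above the `append_content_security_policy_directives` call. As a minor style point, a one-element `%w[id].include?(editor)` reads more directly as `editor == "id"`, unless it deliberately mirrors the preceding branch, whose condition is outside the hunk. The enclosing action starts before and continues after the hunk, so the base `frame-src` value this appends to, and whether `child-src` should get the same entry, should be checked against the policy configuration.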