From 088c14f09c6f9525a2366034a580b01aeafcaa4c Mon Sep 17 00:00:00 2001 From: Timmy Willison Date: Mon, 24 Mar 2025 12:20:28 -0400 Subject: [PATCH] jquerymobile.com: add frame-src CSP exceptions for mobile download builder Ref https://github.com/jquery/jquerymobile.com/issues/179 --- themes/jquerymobile.com/functions.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/themes/jquerymobile.com/functions.php b/themes/jquerymobile.com/functions.php index 3f7aa0c3..28d12db0 100644 --- a/themes/jquerymobile.com/functions.php +++ b/themes/jquerymobile.com/functions.php @@ -2,8 +2,10 @@ // Allow scripts from cdnjs.cloudflare.com for the download builder // Allow connections to the amd builder subdomain for the download builder +// Allow frames from amd-builder.jquerymobile.com for the download builder add_filter( 'jq_content_security_policy', function ( $policy ) { $policy[ 'script-src' ] = "'self' code.jquery.com cdnjs.cloudflare.com"; $policy[ 'connect-src' ] = "'self' typesense.jquery.com *.jquerymobile.com"; + $policy[ 'frame-src' ] = "'self' *.jquerymobile.com"; return $policy; } );