From 46cd60c510ebb1c6b223a90ca009276149bf8efa Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Fri, 6 Aug 2021 12:11:08 +0200
Subject: [PATCH] CSP: Allow self as frame-src

The reveal.js speaker view uses frames to display the slides

Signed-off-by: David Mehren <git@herrmehren.de>
---
 lib/csp.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/csp.js b/lib/csp.js
index b343ea011..c54007646 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -8,7 +8,7 @@ const defaultDirectives = {
   baseUri: ['\'self\''],
   connectSrc: ['\'self\''],
   fontSrc: ['\'self\''],
-  frameSrc: ['https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com'],
+  frameSrc: ['\'self\'', 'https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com'],
   imgSrc: ['*'], // we allow using arbitrary images
   scriptSrc: [
     config.serverURL + '/build/',