Add a way to modify CSP rules within an extension (#6246)

This will allow to change CSP rules to authorize the use of external scripts.
We might need to add some safeguard since it will be virtually possible to
load any script even malicious one.

1 files changed, 3 insertions, 0 deletions

diff --git a/lib/Minz/ActionController.php b/lib/Minz/ActionController.php
index 809a52337..12f14b0f4 100644
--- a/lib/Minz/ActionController.php
+++ b/lib/Minz/ActionController.php
@@ -99,6 +99,9 @@ abstract class Minz_ActionController {
 	 */
 	public function declareCspHeader(): void {
 		$policies = [];
+		foreach (Minz_ExtensionManager::listExtensions(true) as $extension) {
+			$extension->amendCsp($this->csp_policies);
+		}
 		foreach ($this->csp_policies as $directive => $sources) {
 			$policies[] = $directive . ' ' . $sources;
 		}