From 8d7b270f6fbfcb81071a7758d6fe622e10182c04 Mon Sep 17 00:00:00 2001
From: Joshua Ramon Enslin <joshua@museum-digital.de>
Date: Thu, 24 Mar 2022 23:25:05 +0100
Subject: [PATCH] Allow setting worker-src in MD_STD_SEC

---
 src/MD_STD_SEC.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/MD_STD_SEC.php b/src/MD_STD_SEC.php
index 0e00dd8..764f058 100644
--- a/src/MD_STD_SEC.php
+++ b/src/MD_STD_SEC.php
@@ -141,7 +141,7 @@ final class MD_STD_SEC {
      */
     public static function sendContentSecurityPolicy(array $directives, string $frame_ancestors = ""):void {
 
-        $policy = 'Content-Security-Policy: default-src ' . $directives['default-src'] . '; connect-src ' . $directives['connect-src'] . '; script-src ' . $directives['script-src'] . '; img-src ' . $directives['img-src'] . '; media-src ' . $directives['media-src'] . '; style-src ' . $directives['style-src'] . '; font-src \'self\'; frame-src ' . $directives['frame-src'] . '; object-src ' . $directives['object-src'] . '; base-uri ' . $directives['base-uri'] . '; form-action ' . $directives['form-action'] . '; manifest-src \'self\'; worker-src \'self\';';
+        $policy = 'Content-Security-Policy: default-src ' . $directives['default-src'] . '; connect-src ' . $directives['connect-src'] . '; script-src ' . $directives['script-src'] . '; img-src ' . $directives['img-src'] . '; media-src ' . $directives['media-src'] . '; style-src ' . $directives['style-src'] . '; font-src \'self\'; frame-src ' . $directives['frame-src'] . '; object-src ' . $directives['object-src'] . '; base-uri ' . $directives['base-uri'] . '; form-action ' . $directives['form-action'] . '; manifest-src \'self\'; worker-src ' . ($directives['worker-src'] ?? '\'self\'') . ';';
 
         if (!empty($frame_ancestors)) {
             $policy .= ' frame-ancestors ' . $frame_ancestors . ';';