Allow dynamic registration to work in a frame

composer.json

@@ -38,7 +38,7 @@
         "react/dns" : ">=1.12.0",
         "react/socket" : ">=1.15.0",
 
-        "tsugi/lib": "dev-master#1fe49795c3de66cf4662dc85634e534a8851d27a",
+        "tsugi/lib": "dev-master#2b3ba7929fe1ec91cb3931408e701baa26bbe89c",
         "koseu/lib": "dev-master#b9a31b7875108196dbdf284e685b813d424f2def"
     },
     "config": {

vendor/composer/installed.json

@@ -7708,12 +7708,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/tsugiproject/tsugi-php.git",
-                "reference": "1fe49795c3de66cf4662dc85634e534a8851d27a"
+                "reference": "2b3ba7929fe1ec91cb3931408e701baa26bbe89c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/tsugiproject/tsugi-php/zipball/1fe49795c3de66cf4662dc85634e534a8851d27a",
-                "reference": "1fe49795c3de66cf4662dc85634e534a8851d27a",
+                "url": "https://api.github.com/repos/tsugiproject/tsugi-php/zipball/2b3ba7929fe1ec91cb3931408e701baa26bbe89c",
+                "reference": "2b3ba7929fe1ec91cb3931408e701baa26bbe89c",
                 "shasum": ""
             },
             "require": {
@@ -7727,7 +7727,7 @@
                 "phpunit/php-timer": "v5.0.3",
                 "phpunit/phpunit": "9.*"
             },
-            "time": "2024-11-17T12:08:13+00:00",
+            "time": "2024-11-21T12:50:41+00:00",
             "default-branch": true,
             "type": "library",
             "installation-source": "dist",

vendor/composer/installed.php

@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '302c6b766e6cca53ce7f7530ed91cd26fdb28acf',
+        'reference' => '2f714d51c2adab5a9d7353fa384d8594883715f5',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '302c6b766e6cca53ce7f7530ed91cd26fdb28acf',
+            'reference' => '2f714d51c2adab5a9d7353fa384d8594883715f5',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -1078,7 +1078,7 @@
         'tsugi/lib' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '1fe49795c3de66cf4662dc85634e534a8851d27a',
+            'reference' => '2b3ba7929fe1ec91cb3931408e701baa26bbe89c',
             'type' => 'library',
             'install_path' => __DIR__ . '/../tsugi/lib',
             'aliases' => array(

vendor/tsugi/lib/include/setup.php

@@ -71,8 +71,11 @@ function print_stack_trace() {
 }
 
 // Check for non-embeddable pages and declare appropriate CSP
-if ( preg_match('/(\/admin\/|\/login)/i', $_SERVER['REQUEST_URI']) ) {
-    header("Content-Security-Policy: frame-ancestors 'self';");
+// Allow the Dynamic Registration URL to be embedded as it is required
+if ( preg_match('/(\/admin\/|\/login)/i', $_SERVER['REQUEST_URI'] ?? "") ) {
+    if ( ! preg_match('/(\/admin\/key\/auto.php)/i', $_SERVER['REQUEST_URI']) ) {
+        header("Content-Security-Policy: frame-ancestors 'self';");
+    }
 }
 
 if ( ! isset($CFG->staticroot) ) die_with_error_log('$CFG->staticroot not defined in config.php');