From 7bf6b33ab2bde4e053b00a221bd37e4ffca2995b Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Thu, 30 Apr 2020 17:32:30 +0200
Subject: [PATCH] move adding CSP frame-src of OpenIDConnect clients managed as apps to OpenID app
---
 api/src/Framework.php | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/api/src/Framework.php b/api/src/Framework.php
index 9c7ec45587..b64a6448dc 100644
--- a/api/src/Framework.php
+++ b/api/src/Framework.php
@@ -148,16 +148,6 @@ abstract class Framework extends Framework\Extra
 // add a content-type header to overwrite an existing default charset in apache (AddDefaultCharset directiv)
 header('Content-type: text/html; charset='.Translation::charset());
- // add CSP frame-src for apps which are just iframes
- foreach($GLOBALS['egw_info']['user']['apps'] ?: [] as $app => $data)
- {
- if ($GLOBALS['egw_info']['apps'][$app]['status'] == 1 && !empty($data['index']) &&
- preg_match('|^(https?://[^/]+)|', $data['index'], $matches))
- {
- ContentSecurityPolicy::add_frame_src($matches[1]);
- }
- }
-
 Header\ContentSecurityPolicy::send();
 // allow client-side to detect first load aka just logged in