From 0d31deb3fcf5be5eafe36e6e893cc5f4bb544b31 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 19 Oct 2021 17:25:05 +0530
Subject: [PATCH] dev server fixes for export with CSP

---
 server.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index 0b95119f9..49385d74d 100644
--- a/server.js
+++ b/server.js
@@ -80,7 +80,7 @@ var setHeaders = (function () {
     if (typeof(config.padContentSecurity) === 'string') {
         padHeaders['Content-Security-Policy'] = config.padContentSecurity;
     } else {
-        padHeaders['Content-Security-Policy'] = Default.padContentSecurity(Env.httpUnsafeOrigin);
+        padHeaders['Content-Security-Policy'] = Default.padContentSecurity(Env.httpUnsafeOrigin, Env.httpSafeOrigin);
     }
     if (Object.keys(headers).length) {
         return function (req, res) {
@@ -110,6 +110,7 @@ var setHeaders = (function () {
             const h = [
                     /^\/common\/onlyoffice\/.*\/index\.html.*/,
                     /^\/(sheet|presentation|doc)\/inner\.html.*/,
+                    /^\/unsafeiframe\/inner\.html.*$/,
                 ].some((regex) => {
                     return regex.test(req.url);
                 }) ? padHeaders : headers;