From 8dda27c076438a8e2fcc834febb9e3534842837a Mon Sep 17 00:00:00 2001
From: thomas
Date: Fri, 7 Sep 2018 11:47:49 -0400
Subject: [PATCH] multiple domain management for CSP policy. They must be separated by a ',' in the configuration. This is usefull for google analytics: www.googletagmanager.com,www.google-analytics.com
---
 appinfo/app.php | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/appinfo/app.php b/appinfo/app.php
index 347daa9..898bf4f 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -45,11 +45,14 @@
 // whitelist the URL to allow loading JS from this external domain
 $url = $config->getAppValue('jsloader', 'url');
 if ($url !== '') {
- $CSPManager = \OC::$server->getContentSecurityPolicyManager();
- $policy = new ContentSecurityPolicy();
- $policy->addAllowedScriptDomain($url);
- $policy->addAllowedImageDomain($url);
- $policy->addAllowedConnectDomain($url);
- $CSPManager->addDefaultPolicy($policy);
+ $singleUrlArray = explode(',', $url);
+ foreach ($singleUrlArray as $singleUrl) {
+ $CSPManager = \OC::$server->getContentSecurityPolicyManager();
+ $policy = new ContentSecurityPolicy();
+ $policy->addAllowedScriptDomain($singleUrl);
+ $policy->addAllowedImageDomain($singleUrl);
+ $policy->addAllowedConnectDomain($singleUrl);
+ $CSPManager->addDefaultPolicy($policy);
+ }
 }
 }
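Review bot: The entries produced by `explode(',', $url)` are passed to `addAllowedScriptDomain()`, `addAllowedImageDomain()` and `addAllowedConnectDomain()` without trimming or an empty check, so a configured value such as `a.example, b.example` (constructed sample) or one with a trailing comma puts a whitespace-prefixed or empty source into the policy. Because every entry is granted script, image and connect rights, each one should be trimmed, empty ones skipped, and anything containing whitespace or `;` rejected, since such characters would presumably surface in the emitted header as extra source expressions or directives. The manager lookup and `new ContentSecurityPolicy()` also do not need repeating per domain; one policy filled in the loop and registered once is easier to audit, assuming the manager merges default policies as it appears to. The outer block closed by the final `}` opens before the hunk, so only the inner `if` is visible in full.

```php
$policy = new ContentSecurityPolicy();
foreach (explode(',', $url) as $singleUrl) {
    $singleUrl = trim($singleUrl);
    // skip empty entries and anything that is not a single source token
    if ($singleUrl === '' || preg_match('/[\s;]/', $singleUrl) === 1) {
        continue;
    }
    // … unchanged: the three addAllowed*Domain($singleUrl) calls …
}
\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy);
```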