refs #6 attempt to make sure csp lets the frame be

Signed-off-by: Julien Veyssier <eneiluj@posteo.net>

appinfo/info.xml

@@ -8,7 +8,7 @@
 This app integrates Spacedeck whiteboard server. It lets Nextcloud users create `.whiteboard` files
 which can then be opened in the Files app and in Talk. Those files can be shared to other users
 or via public links. Everyone having access to such a file can edit it collaboratively.]]></description>
-    <version>0.0.13</version>
+    <version>0.0.14</version>
     <licence>agpl</licence>
     <author>Julien Veyssier</author>
     <namespace>Spacedeck</namespace>

lib/AppInfo/Application.php

@@ -50,6 +50,8 @@ public function __construct(array $urlParams = []) {
 		$spacedeckUrl = $container->getServer()->getConfig()->getAppValue(self::APP_ID, 'base_url', DEFAULT_SPACEDECK_URL);
 		if ($spacedeckUrl !== DEFAULT_SPACEDECK_URL) {
 			$this->updateCSP($spacedeckUrl);
+		} else {
+			$this->updateCSP();
 		}
 	}
 
@@ -73,13 +75,16 @@ private function loadFilesScripts() {
 	/**
 	 * this might have been necessary in the past
 	 */
-	public function updateCSP(string $url) {
+	public function updateCSP(string $url = '') {
 		$container = $this->getContainer();
 
 		$cspManager = $container->getServer()->getContentSecurityPolicyManager();
 		$policy = new ContentSecurityPolicy();
 		$policy->addAllowedFrameDomain('\'self\'');
-		$policy->addAllowedFrameDomain($url);
+		$policy->addAllowedFrameAncestorDomain('\'self\'');
+		if ($url) {
+			$policy->addAllowedFrameDomain($url);
+		}
 
 		$cspManager->addDefaultPolicy($policy);
 	}