From 2b3ba7929fe1ec91cb3931408e701baa26bbe89c Mon Sep 17 00:00:00 2001
From: Charles Severance <csev@umich.edu>
Date: Thu, 21 Nov 2024 07:50:41 -0500
Subject: [PATCH] Allow Dynamic registration to be embedded.

---
 include/setup.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/setup.php b/include/setup.php
index c67c236..32f5426 100644
--- a/include/setup.php
+++ b/include/setup.php
@@ -71,8 +71,11 @@ function print_stack_trace() {
 }
 
 // Check for non-embeddable pages and declare appropriate CSP
-if ( preg_match('/(\/admin\/|\/login)/i', $_SERVER['REQUEST_URI']) ) {
-    header("Content-Security-Policy: frame-ancestors 'self';");
+// Allow the Dynamic Registration URL to be embedded as it is required
+if ( preg_match('/(\/admin\/|\/login)/i', $_SERVER['REQUEST_URI'] ?? "") ) {
+    if ( ! preg_match('/(\/admin\/key\/auto.php)/i', $_SERVER['REQUEST_URI']) ) {
+        header("Content-Security-Policy: frame-ancestors 'self';");
+    }
 }
 
 if ( ! isset($CFG->staticroot) ) die_with_error_log('$CFG->staticroot not defined in config.php');