From f7a3099ba626be12c9f191119b34416a501780b9 Mon Sep 17 00:00:00 2001
From: NiclasNorin <niclasn@outlook.com>
Date: Fri, 24 Oct 2025 10:41:24 +0200
Subject: [PATCH] fix: slider csp

---
 source/php/Module/Slider/Slider.php | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/source/php/Module/Slider/Slider.php b/source/php/Module/Slider/Slider.php
index 355137f98..c2022ab5b 100644
--- a/source/php/Module/Slider/Slider.php
+++ b/source/php/Module/Slider/Slider.php
@@ -32,6 +32,7 @@ public function init()
 
         //Adds backwards compability to when we didn't have focal points
         add_filter('acf/load_value/key=field_56a5ed2f398dc', array($this,'filterDesktopImage'), 10, 3);
+        add_filter('WpSecurity/Csp', array($this, 'csp'), 10, 1);
     }
 
     /**
@@ -274,6 +275,33 @@ private function isButtonCta($slide) {
             $slide['link_style'] === 'button';
     }
 
+    /**
+     * Content Security Policy - Add video domains
+     */
+    public function csp(array $domains): array
+    {
+        $slides = $this->getFields()['slides'] ?? [];
+
+        foreach ($slides as $slide) {
+            if (empty($slide['video_mp4']['url'])) {
+                continue;
+            }
+
+            $host = parse_url($slide['video_mp4']['url'], PHP_URL_HOST);
+
+            if (!$host) {
+                continue;
+            }
+
+            $domains['media-src'] ??= [];
+            $domains['media-src'][] = $host;
+        }
+
+        $domains['media-src'] = $domains['media-src'] ? array_unique($domains['media-src']) : [];
+
+        return $domains;
+    }
+
     /**
      * Available "magic" methods for modules:
      * init()            What to do on initialization