Look for global array so we don't load all Servers multiple times. Add all servers to allowed script-src in CSPHeaders

web/includes/functions.php

@@ -36,14 +36,18 @@ function noCacheHeaders() {
 }
 
 function CSPHeaders($view, $nonce) {
-  $additionalScriptSrc = '';
+  global $Servers;
+  if ( ! $Servers )
+    $Servers = ZM\Server::find();
+  
+  $additionalScriptSrc = implode(' ', array_map(function($S){return $S->Url();}, $Servers));
   switch ($view) {
     case 'login': {
       if (defined('ZM_OPT_USE_GOOG_RECAPTCHA')
           && defined('ZM_OPT_GOOG_RECAPTCHA_SITEKEY')
           && defined('ZM_OPT_GOOG_RECAPTCHA_SECRETKEY')
           && ZM_OPT_USE_GOOG_RECAPTCHA && ZM_OPT_GOOG_RECAPTCHA_SITEKEY && ZM_OPT_GOOG_RECAPTCHA_SECRETKEY) {
-        $additionalScriptSrc = "https://www.google.com";
+        $additionalScriptSrc = ' https://www.google.com';
       }
       // fall through
     }
@@ -92,7 +96,9 @@ function CORSHeaders() {
 
 # The following is left for future reference/use.
     $valid = false;
-    $Servers = ZM\Server::find();
+    global $Servers;
+    if ( ! $Servers )
+      $Servers = ZM\Server::find();
     if ( sizeof($Servers) < 1 ) {
 # Only need CORSHeaders in the event that there are multiple servers in use.
       # ICON: Might not be true. multi-port?