From c9ea462e97259060eb1b140a2f20695c26f73ec5 Mon Sep 17 00:00:00 2001
From: Joe Lothan <joe@lothan.net>
Date: Wed, 20 May 2026 00:32:56 -0400
Subject: [PATCH] check all CSP headers for iframe disallowing

---
 pipeline/02_warc_parse/warc.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pipeline/02_warc_parse/warc.go b/pipeline/02_warc_parse/warc.go
index 7ae4645..246e741 100644
--- a/pipeline/02_warc_parse/warc.go
+++ b/pipeline/02_warc_parse/warc.go
@@ -117,9 +117,11 @@ func CheckIframeAllowed(headers http.Header) bool {
 		return false
 	}
 
-	csp := strings.ToLower(headers.Get("Content-Security-Policy"))
-	if strings.Contains(csp, "frame-ancestors") && !strings.Contains(csp, "frame-ancestors *") {
-		return false
+	for _, csp := range headers.Values("Content-Security-Policy") {
+		csp = strings.ToLower(csp)
+		if strings.Contains(csp, "frame-ancestors") && !strings.Contains(csp, "frame-ancestors *") {
+			return false
+		}
 	}
 
 	return true