From 06624d7900ff053a5d1be65d27f0b502de9f7bba Mon Sep 17 00:00:00 2001
From: Remon Pel <remon@acato.nl>
Date: Wed, 20 Mar 2024 13:46:03 +0100
Subject: [PATCH] When building from aggregated violations, the list of allowed
 domains will contain many duplicate entries. This is the most simple fix to
 remove the duplication

Preferably, a public function hasSource(string $directive, string $path): bool would be available to prevent adding in the first place, but array_unique will do the trick for now
---
 src/CSPBuilder.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/CSPBuilder.php b/src/CSPBuilder.php
index d4eb834..83ab9b8 100644
--- a/src/CSPBuilder.php
+++ b/src/CSPBuilder.php
@@ -1109,7 +1109,7 @@ protected function compileSubgroup(string $directive, $policies = []): string
         if (!empty($policies['allow'])) {
             /** @var array<array-key, string> $allowedPolicies */
             $allowedPolicies = $policies['allow'];
-            foreach ($allowedPolicies as $url) {
+            foreach (array_unique($allowedPolicies) as $url) {
                 /** @var string|bool $url */
                 $url = filter_var($url, FILTER_SANITIZE_URL);
                 if (is_string($url)) {