CSP: Updated handling of drawio URL to consider port

Previously if a custom port was used in the DRAWIO option it would not
be considered in the CSP handling, which would block loading.

Added test to cover.
For #5107

tests/SecurityHeaderTest.php

@@ -139,6 +139,18 @@ class SecurityHeaderTest extends TestCase
         $this->assertEquals('frame-src \'self\' https://example.com https://diagrams.example.com', $scriptHeader);
     }
 
+    public function test_frame_src_csp_header_drawio_host_includes_port_if_existing()
+    {
+        config()->set([
+            'app.iframe_sources' => 'https://example.com',
+            'services.drawio'    => 'https://diagrams.example.com:8080/testing?cat=dog',
+        ]);
+
+        $resp = $this->get('/');
+        $scriptHeader = $this->getCspHeader($resp, 'frame-src');
+        $this->assertEquals('frame-src \'self\' https://example.com https://diagrams.example.com:8080', $scriptHeader);
+    }
+
     public function test_cache_control_headers_are_set_on_responses()
     {
         // Public access