diff options
author | Alexandre Roux D'Anzi <alexandre.roux.danzi@lostpod.me> | 2022-01-12 00:24:13 +0300 |
---|---|---|
committer | Alexandre Roux D'Anzi <alexandre.roux.danzi@lostpod.me> | 2022-01-12 00:24:13 +0300 |
commit | cc4a12dca09dc0b9263d92026de1247d5151cbce (patch) | |
tree | 1f165dc7836182806a19e25a0803370e93abecf1 /lib | |
parent | ab98a8fbdde267e330a8fb3caea45dbdf7bce123 (diff) |
put carnet in a frame to avoid conflicting css
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/Controller/PageController.php | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 9aa126b..e3f758a 100755 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php @@ -27,6 +27,32 @@ class PageController extends Controller { * @NoAdminRequired * @NoCSRFRequired */ + public function browser() { + $parameters = [ + 'nc_version' => \OCP\Util::getVersion()[0], + 'carnet_display_fullscreen' => $this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no'), + 'app_version' => App::getAppInfo($this->appName)['version'], + ]; + $response = new TemplateResponse($this->appName,"browser",$parameters); + $response->renderAs("blank"); + $policy = new ContentSecurityPolicy(); + $policy->addAllowedFrameDomain('\'self\''); + $policy->addAllowedFrameDomain('data:'); + + $response->setContentSecurityPolicy($policy); // allow iframe + return $response; + } + + /** + * CAUTION: the @Stuff turns off security checks; for this page no admin is + * required and no CSRF check. If you don't know what CSRF is, read + * it up in the docs or you might create a security hole. This is + * basically the only required method to add this exemption, don't + * add it to any other method if you don't exactly know what it does + * + * @NoAdminRequired + * @NoCSRFRequired + */ public function index() { $parameters = [ 'nc_version' => \OCP\Util::getVersion()[0], @@ -34,12 +60,10 @@ class PageController extends Controller { 'app_version' => App::getAppInfo($this->appName)['version'], ]; $response = new TemplateResponse($this->appName,"index",$parameters); - if($this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no') === "yes") - $response->renderAs("blank"); $policy = new ContentSecurityPolicy(); $policy->addAllowedFrameDomain('\'self\''); $policy->addAllowedFrameDomain('data:'); - + $response->setContentSecurityPolicy($policy); // allow iframe return $response; } |