diff options
-rwxr-xr-x | appinfo/routes.php | 2 | ||||
-rwxr-xr-x | lib/Controller/NoteController.php | 11 | ||||
-rwxr-xr-x | lib/Controller/PageController.php | 4 |
3 files changed, 16 insertions, 1 deletions
diff --git a/appinfo/routes.php b/appinfo/routes.php index 2bf80fd..291dce0 100755 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -68,5 +68,7 @@ return [ ['name' => 'note#importNote', 'url' => '/note/import', 'verb' => 'POST'], + + ['name' => 'note#getNote', 'url' => '/note/get_note', 'verb' => 'GET'], ] ];
\ No newline at end of file diff --git a/lib/Controller/NoteController.php b/lib/Controller/NoteController.php index 80c718b..5ca9528 100755 --- a/lib/Controller/NoteController.php +++ b/lib/Controller/NoteController.php @@ -1324,5 +1324,16 @@ public function getOpusEncoder(){ } } } + /** + * @NoAdminRequired + * @NoCSRFRequired + */ + public function getNote($path){ + $f = $this->CarnetFolder->get($path); + $r = new DataDisplayResponse($f->getContent()); + $r->addHeader("Content-Disposition", "attachment; filename=\"".$f->getName()."\""); + $r->addHeader("Content-Type", $f->getMimeType()); + return $r; + } } ?> diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 75dee1f..34074c0 100755 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php @@ -37,7 +37,9 @@ class PageController extends Controller { if($this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no') === "yes") $response->renderAs("blank"); $policy = new ContentSecurityPolicy(); - $policy->addAllowedFrameDomain('\'self\''); + $policy->addAllowedFrameDomain('\'self\''); + $policy->addAllowedFrameDomain('data:'); + $response->setContentSecurityPolicy($policy); // allow iframe return $response; } |