Diffstat (limited to 'lib/Controller/PageController.php')
-rwxr-xr-x | lib/Controller/PageController.php | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 9aa126b..e8ee548 100755
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -27,6 +27,32 @@ class PageController extends Controller {
 * @NoAdminRequired
 * @NoCSRFRequired
 */
+ public function browser() {
+ $parameters = [
+ 'nc_version' => \OCP\Util::getVersion()[0],
+ 'carnet_display_fullscreen' => $this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no'),
+ 'app_version' => App::getAppInfo($this->appName)['version'],
+ ];
+ $response = new TemplateResponse($this->appName,"browser",$parameters);
+ $response->renderAs("blank");
+ $policy = new ContentSecurityPolicy();
+ $policy->addAllowedFrameDomain('\'self\'');
+ $policy->addAllowedFrameDomain('data:');
+
+ $response->setContentSecurityPolicy($policy); // allow iframe
+ return $response;
+ }
+
+ /**
+ * CAUTION: the @Stuff turns off security checks; for this page no admin is
+ * required and no CSRF check. If you don't know what CSRF is, read
+ * it up in the docs or you might create a security hole. This is
+ * basically the only required method to add this exemption, don't
+ * add it to any other method if you don't exactly know what it does
+ *
+ * @NoAdminRequired
+ * @NoCSRFRequired
+ */
 public function index() {
 $parameters = [
 'nc_version' => \OCP\Util::getVersion()[0],
@@ -34,12 +60,10 @@ class PageController extends Controller {
 'app_version' => App::getAppInfo($this->appName)['version'],
 ];
 $response = new TemplateResponse($this->appName,"index",$parameters);
- if($this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no') === "yes")
- $response->renderAs("blank");
 $policy = new ContentSecurityPolicy();
 $policy->addAllowedFrameDomain('\'self\'');
 $policy->addAllowedFrameDomain('data:');
-
+
 $response->setContentSecurityPolicy($policy); // allow iframe
 return $response;
 }
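Review bot: `browser()` allows `data:` as a frame source with only `// allow iframe` as explanation, which widens the CSP of an unwrapped page more than `settings()` does in the last hunk (it allows `'self'` only). If the browser page frames nothing but same-origin content, drop `$policy->addAllowedFrameDomain('data:');`; if it is needed, say why on the line, e.g. `// data: frames needed for <reason>`. The method also takes its `@NoAdminRequired`/`@NoCSRFRequired` from a docblock that starts above the hunk, while the CAUTION text now sitting on `index()` still says the exemption belongs on one method only, so that wording should be updated and `browser()` kept a read-only render. The parameter and policy setup is copied line for line from `index()`; a private helper would stop the two policies drifting apart.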
@@ -77,8 +101,7 @@ class PageController extends Controller {
 'app_version' => App::getAppInfo($this->appName)['version'],
 ];
 $response = new TemplateResponse($this->appName,"settings", $parameters);
- if($this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no') === "yes")
- $response->renderAs("blank");
+ $response->renderAs("blank");
 $policy = new ContentSecurityPolicy();
 $policy->addAllowedFrameDomain('\'self\'');
 $response->setContentSecurityPolicy($policy); // allow iframe |
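Review bot: The now-unconditional `$response->renderAs("blank");` has no comment explaining why the settings page ignores `carnetDisplayFullscreen` while `index()` keeps the default layout. Presumably the page is only ever loaded inside the app's own frame; if so, say it on the line, e.g. `// always unwrapped: loaded in a frame by the app, not navigated to directly (confirm)`. The enclosing method starts and ends outside this hunk, so whether it still passes `carnet_display_fullscreen` to the template cannot be checked here.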