diff options
| author | Julius Härtl <jus@bitgrid.net> | 2019-03-18 13:23:40 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-18 13:23:40 +0300 |
| commit | d8db33bd19851fe39dae30989ff855deef479ec0 (patch) | |
| tree | 9e3e0a5bd630731949f8c03ee81fabaed1eab3f3 | |
| parent | d93b0ccd5fbe3b2c64f610a8a913c4d2be408bc9 (diff) | |
| parent | 16c82f5a0abb0ecacb94ca2ea3fd7fd96edc0156 (diff) | |
Merge pull request #453 from nextcloud/enh/452/set-nonce
Set proper nonce on the outer iframe
| -rw-r--r-- | js/documents.js | 2 | ||||
| -rw-r--r-- | js/viewer/viewer.js | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/js/documents.js b/js/documents.js index 6a8a010e..3311baa7 100644 --- a/js/documents.js +++ b/js/documents.js @@ -413,7 +413,7 @@ var documentsMain = { '<input name="access_token" value="' + access_token + '" type="hidden"/></form>'; // iframe that contains the Collabora Online Viewer - var frame = '<iframe id="loleafletframe_viewer" name= "loleafletframe_viewer" style="width:100%;height:100%;position:absolute;"/>'; + var frame = '<iframe id="loleafletframe_viewer" name="loleafletframe_viewer" nonce="' + btoa(OC.requestToken) + '" style="width:100%;height:100%;position:absolute;"/>'; $('#revViewer').append(form); $('#revViewer').append(frame); diff --git a/js/viewer/viewer.js b/js/viewer/viewer.js index 9cc0afed..b3e1e713 100644 --- a/js/viewer/viewer.js +++ b/js/viewer/viewer.js @@ -129,7 +129,7 @@ var odfViewer = { OC.addStyle('richdocuments', 'mobile'); - var $iframe = $('<iframe id="richdocumentsframe" scrolling="no" allowfullscreen src="'+viewer+'" />'); + var $iframe = $('<iframe id="richdocumentsframe" nonce="' + btoa(OC.requestToken) + '" scrolling="no" allowfullscreen src="'+viewer+'" />'); $.get(OC.generateUrl('/apps/richdocuments/settings/check'), function() { $iframe.src = viewer; }) .fail(function() { |