author | Julius Härtl <jus@bitgrid.net> | 2022-01-05 18:36:09 +0300 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2022-02-10 17:09:49 +0300 |
commit | ed1790c4a086aabc74ef9feb83a03948d070246c (patch) | |
tree | 198c70fc776b793ec2fd899807e14cd0d0832d69 /lib | |
parent | 5ac5d791aa832ff589cb0dafd92417d20afeb80c (diff) |
Always add gs.trustedHosts to the CSP
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/AppInfo/Application.php | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index 67a08000..c768dcd8 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -198,6 +198,12 @@ class Application extends App implements IBootstrap { public function updateCSP() { $container = $this->getContainer(); + // Do not apply CSP rules on WebDAV/OCS + // Ideally this could be a middleware running after the controller execution before rendering the result to only do it on page response + if ($container->getServer()->getRequest()->getScriptName() !== '/index.php') { + return; + } + $publicWopiUrl = $container->getServer()->getConfig()->getAppValue('richdocuments', 'public_wopi_url', ''); $publicWopiUrl = $publicWopiUrl === '' ? \OC::$server->getConfig()->getAppValue('richdocuments', 'wopi_url') : $publicWopiUrl; $cspManager = $container->getServer()->getContentSecurityPolicyManager(); @@ -213,11 +219,7 @@ class Application extends App implements IBootstrap { /** * Dynamically add CSP for federated editing */ - $path = ''; - try { - $path = $container->getServer()->getRequest()->getPathInfo(); - } catch (\Exception $e) {} - if ((strpos($path, '/apps/files/') === 0 || strpos($path, '/s/') === 0) && $container->getServer()->getAppManager()->isEnabledForUser('federation')) { + if ($container->getServer()->getAppManager()->isEnabledForUser('federation')) { /** @var FederationService $federationService */ $federationService = \OC::$server->query(FederationService::class); @@ -227,6 +229,7 @@ class Application extends App implements IBootstrap { if ($globalScale->isGlobalScaleEnabled()) { $trustedList = \OC::$server->getConfig()->getSystemValue('gs.trustedHosts', []); foreach ($trustedList as $server) { + $policy->addAllowedFrameDomain($server); $this->addTrustedRemote($policy, $server); } } 
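Review bot: The new early return in updateCSP() compares `getScriptName()` with the exact string `'/index.php'`, which looks fragile for instances served from a subdirectory. If the script name includes the web root there, the method returns on every request and none of the frame domains below are added. That fails closed for the policy, but the editor frame would be blocked on those installs. Comparing only the last path segment avoids this: `if (basename($container->getServer()->getRequest()->getScriptName()) !== 'index.php') { return; }`. The body of updateCSP() continues outside the hunk.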
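Review bot: With the `/apps/files/` and `/s/` path check removed, the federation branch of updateCSP() runs for every index.php response whenever the federation app is enabled for the user, so trusted remotes are allowed as frame sources on pages that never embed an editor. If that wider allowlist is intended, as the commit title suggests, the docblock above the condition should say so, e.g. `Add CSP for federated editing on every page response; the allowlist is not limited to the files app or share links`. It is also worth confirming that the per-server work in addTrustedRemote() is cached, since it now sits on the path of every page load; that code is outside this hunk. As a style point, the context line still calls `\OC::$server->query(FederationService::class)` while addTrustedRemote() in this same commit moves to `get()`.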
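Review bot: The added `$policy->addAllowedFrameDomain($server)` puts every `gs.trustedHosts` entry into frame-src exactly as read from the system config, with no check that it is a non-empty string, and regardless of whether the remote lookup in addTrustedRemote() succeeds. A guard before the call, such as `if (!is_string($server) || $server === '') { continue; }`, would keep malformed config entries out of the header. Because addTrustedRemote() adds the same `$url` as a frame domain again inside its try block, a short comment would make the intent of the extra call clear: `// Always allow framing trusted GS hosts, even when the remote Collabora URL cannot be resolved`. The enclosing loop and function extend beyond the hunk.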
@@ -241,8 +244,7 @@ class Application extends App implements IBootstrap { } private function addTrustedRemote($policy, $url) { - /** @var FederationService $federationService */ - $federationService = \OC::$server->query(FederationService::class); + $federationService = \OC::$server->get(FederationService::class); try { $remoteCollabora = $federationService->getRemoteCollaboraURL($url); $policy->addAllowedFrameDomain($url); |