author | Julius Härtl <jus@bitgrid.net> | 2019-08-16 14:48:38 +0300 |
---|---|---|
committer | Julius Härtl <jus@bitgrid.net> | 2019-08-27 19:42:13 +0300 |
commit | f65eddfaa11cc726ce4aed70c9b05ab32369a24b (patch) | |
tree | 8cbead7bdca3b0f2b1edc0b8f1fd05522c5233c5 /lib | |
parent | 9b3fb584fb1c9fb7ce506a0797f061be07320833 (diff) |
Move CSP handling to method
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/AppInfo/Application.php | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index 2707f9ba..2ac62482 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -25,12 +25,15 @@ namespace OCA\Richdocuments\AppInfo;
 use OC\Files\Type\Detection;
+use OC\Security\CSP\ContentSecurityPolicy;
+use OCA\Federation\TrustedServers;
 use OCA\Richdocuments\Capabilities;
 use OCA\Richdocuments\Preview\MSExcel;
 use OCA\Richdocuments\Preview\MSWord;
 use OCA\Richdocuments\Preview\OOXML;
 use OCA\Richdocuments\Preview\OpenDocument;
 use OCA\Richdocuments\Preview\Pdf;
+use OCA\Richdocuments\Service\FederationService;
 use OCP\AppFramework\App;
 use OCP\IPreview;
@@ -81,4 +84,42 @@ class Application extends App {
 });
 }
+
+ public function updateCSP() {
+ $container = $this->getContainer();
+
+ $publicWopiUrl = $container->getServer()->getConfig()->getAppValue('richdocuments', 'public_wopi_url', '');
+ $publicWopiUrl = $publicWopiUrl === '' ? \OC::$server->getConfig()->getAppValue('richdocuments', 'wopi_url') : $publicWopiUrl;
+ $cspManager = $container->getServer()->getContentSecurityPolicyManager();
+ $policy = new ContentSecurityPolicy();
+ if ($publicWopiUrl !== '') {
+ $policy->addAllowedFrameDomain($publicWopiUrl);
+ if (method_exists($policy, 'addAllowedFormActionDomain')) {
+ $policy->addAllowedFormActionDomain($publicWopiUrl);
+ }
+ }
+
+ /**
+ * Dynamically add CSP for federated editing
+ */
+ $path = '';
+ try {
+ $path = $container->getServer()->getRequest()->getPathInfo();
+ } catch (\Exception $e) {}
+ if (strpos($path, '/apps/files') === 0) {
+ /** @var TrustedServers $trustedServers */
+ $trustedServers = $container->query(TrustedServers::class);
+ /** @var FederationService $federationService */
+ $federationService = $container->query(FederationService::class);
+ $remoteAccess = \OC::$server->getRequest()->getParam('richdocuments_remote_access');
+
+ if ($remoteAccess && $trustedServers->isTrustedServer($remoteAccess)) {
+ $remoteCollabora = $federationService->getRemoteCollaboraURL($remoteAccess);
+ $policy->addAllowedFrameDomain($remoteAccess);
+ $policy->addAllowedFrameDomain($remoteCollabora);
+ }
+ }
+
+ $cspManager->addDefaultPolicy($policy);
+ }
 } |
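Review bot: The value returned by `getRemoteCollaboraURL($remoteAccess)` goes straight into `addAllowedFrameDomain()` with no check, although it presumably comes from the remote instance rather than from local configuration. `isTrustedServer()` only vouches for `$remoteAccess`, so an empty or malformed reply would still be written into the frame-src list of the default policy. I would guard it, for example `if (is_string($remoteCollabora) && $remoteCollabora !== '') { $policy->addAllowedFrameDomain($remoteCollabora); }`, and preferably reduce it to scheme and host with `parse_url()` first. Separately, `strpos($path, '/apps/files') === 0` is a plain prefix test, so it also matches sibling paths such as `/apps/files_sharing`; a comment stating whether that is intended would help. The empty `catch (\Exception $e) {}` should also get a one-line comment on why the failure is ignored.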