Allow inline styles for theming images

Signed-off-by: Julius Härtl <jus@bitgrid.net>

diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php
index 4789533564001d2089c0bba93fa641cfde2ec421..3ac1f3316e52627efa50d03aab93755da5c9358b 100644 (file)
--- a/apps/theming/lib/Controller/ThemingController.php
+++ b/apps/theming/lib/Controller/ThemingController.php
@@ -379,6 +379,9 @@ class ThemingController extends Controller {
                }
 
                $response = new FileDisplayResponse($file);
+               $csp = new Http\ContentSecurityPolicy();
+               $csp->allowInlineStyle();
+               $response->setContentSecurityPolicy($csp);
                $response->cacheFor(3600);
                $response->addHeader('Content-Type', $this->config->getAppValue($this->appName, $key . 'Mime', ''));
                $response->addHeader('Content-Disposition', 'attachment; filename="' . $key . '"');

diff --git a/apps/theming/tests/Controller/ThemingControllerTest.php b/apps/theming/tests/Controller/ThemingControllerTest.php
index 93a1e040b4ba5a891b557213ca6c02eb5c166efe..bb154fbb9bb5fcd9f8a6bd526c2166de9bfe6065 100644 (file)
--- a/apps/theming/tests/Controller/ThemingControllerTest.php
+++ b/apps/theming/tests/Controller/ThemingControllerTest.php
@@ -764,6 +764,9 @@ class ThemingControllerTest extends TestCase {
                $expected->cacheFor(3600);
                $expected->addHeader('Content-Type', 'text/svg');
                $expected->addHeader('Content-Disposition', 'attachment; filename="logo"');
+               $csp = new Http\ContentSecurityPolicy();
+               $csp->allowInlineStyle();
+               $expected->setContentSecurityPolicy($csp);
                @$this->assertEquals($expected, $this->themingController->getImage('logo'));
        }
 
@@ -789,6 +792,9 @@ class ThemingControllerTest extends TestCase {
                        ->willReturn('image/png');
 
                @$expected = new Http\FileDisplayResponse($file);
+               $csp = new Http\ContentSecurityPolicy();
+               $csp->allowInlineStyle();
+               $expected->setContentSecurityPolicy($csp);
                $expected->cacheFor(3600);
                $expected->addHeader('Content-Type', 'image/png');
                $expected->addHeader('Content-Disposition', 'attachment; filename="background"');