author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2018-10-23 14:29:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-23 14:29:52 +0200 |
commit | d11609a1526ca3e646fee5d5153aea93bf4446a8 (patch) | |
tree | 5c9a38211d14bc41eaa5c02e7051b0e1bdc99f98 | |
parent | 7c0cd4f9ff22d1b94176079dca152b2f56ff0c88 (diff) | |
parent | 3febeb6ca71421135fd699374f8c979891b68186 (diff) | |
download | nextcloud-server-d11609a1526ca3e646fee5d5153aea93bf4446a8.tar.gz nextcloud-server-d11609a1526ca3e646fee5d5153aea93bf4446a8.zip |
Merge pull request #11974 from nextcloud/bugfix/noid/lax-csp-on-talk-shares
Use lax CSP when the share is a talk share
-rw-r--r-- | apps/files_sharing/lib/Controller/ShareController.php | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 8e9cc5a9636..409762482db 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -35,6 +35,7 @@ namespace OCA\Files_Sharing\Controller;
+use OC\Security\CSP\ContentSecurityPolicy;
 use OC_Files;
 use OC_Util;
 use OCA\FederatedFileSharing\FederatedShareProvider;
@@ -158,7 +159,16 @@ class ShareController extends AuthPublicShareController {
 $event = new GenericEvent(null, $templateParameters);
 $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event);
- return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ $response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ if ($this->share->getSendPasswordByTalk()) {
+ $csp = new ContentSecurityPolicy();
+ $csp->addAllowedConnectDomain('*');
+ $csp->addAllowedMediaDomain('blob:');
+ $csp->allowEvalScript(true);
+ $response->setContentSecurityPolicy($csp);
+ }
+
+ return $response;
 }
 /**
@@ -170,7 +180,16 @@ class ShareController extends AuthPublicShareController {
 $event = new GenericEvent(null, $templateParameters);
 $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event);
- return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ $response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ if ($this->share->getSendPasswordByTalk()) {
+ $csp = new ContentSecurityPolicy();
+ $csp->addAllowedConnectDomain('*');
+ $csp->addAllowedMediaDomain('blob:');
+ $csp->allowEvalScript(true);
+ $response->setContentSecurityPolicy($csp);
+ }
+
+ return $response;
 }
 protected function verifyPassword(string $password): bool { |
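Review bot: The policy set in the `getSendPasswordByTalk()` branch (hunk `@@ -158,7 +159,16 @@`, repeated unchanged in `@@ -170,7 +180,16 @@`) turns on `allowEvalScript(true)` and `addAllowedConnectDomain('*')` for the public password prompt. That page is served to unauthenticated visitors and also loads whatever the `loadAdditionalScripts::publicShareAuth` listeners add, so CSP no longer limits eval or outbound connections there. Nothing in the hunk records which Talk feature needs each relaxation, so I would put a comment above the block stating that, and replace `'*'` with the specific signaling/TURN hosts if they are known at this point. The branch keys only on the share flag; if the Talk app can be disabled while such shares still exist (not visible here), the lax policy is still sent, so the condition should probably also check that Talk is available. Since the seven lines are duplicated verbatim, moving them into one private helper that both methods call would keep the two policies in sync; both enclosing methods start outside the hunks.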