diff options
| author | John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> | 2018-10-23 16:44:09 +0200 |
|---|---|---|
| committer | John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> | 2018-10-23 16:44:20 +0200 |
| commit | b6981dcecb0fb80b3b519af70f2c29329fe2c2b0 (patch) | |
| tree | a0042912470bd4be6e84ccf0e176fa1afb9b1781 /apps/files_sharing/lib/Controller/ShareController.php | |
| parent | 26ca7a0e2f86cb76726073f2d73fd5cb8a1e09d9 (diff) | |
| parent | 39338aaa676168b0a53c3a1f6d5363569f303361 (diff) | |
| download | nextcloud-server-b6981dcecb0fb80b3b519af70f2c29329fe2c2b0.tar.gz nextcloud-server-b6981dcecb0fb80b3b519af70f2c29329fe2c2b0.zip | |
Merge branch 'master' of https://github.com/nextcloud/server into gridview-table
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Diffstat (limited to 'apps/files_sharing/lib/Controller/ShareController.php')
| -rw-r--r-- | apps/files_sharing/lib/Controller/ShareController.php | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php index 8d02cc82fd2..1e3cbb51028 100644 --- a/apps/files_sharing/lib/Controller/ShareController.php +++ b/apps/files_sharing/lib/Controller/ShareController.php @@ -35,6 +35,7 @@ namespace OCA\Files_Sharing\Controller; +use OC\Security\CSP\ContentSecurityPolicy; use OC_Files; use OC_Util; use OCA\FederatedFileSharing\FederatedShareProvider; @@ -158,7 +159,16 @@ class ShareController extends AuthPublicShareController { $event = new GenericEvent(null, $templateParameters); $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event); - return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest'); + $response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest'); + if ($this->share->getSendPasswordByTalk()) { + $csp = new ContentSecurityPolicy(); + $csp->addAllowedConnectDomain('*'); + $csp->addAllowedMediaDomain('blob:'); + $csp->allowEvalScript(true); + $response->setContentSecurityPolicy($csp); + } + + return $response; } /** @@ -170,7 +180,16 @@ class ShareController extends AuthPublicShareController { $event = new GenericEvent(null, $templateParameters); $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event); - return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest'); + $response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest'); + if ($this->share->getSendPasswordByTalk()) { + $csp = new ContentSecurityPolicy(); + $csp->addAllowedConnectDomain('*'); + $csp->addAllowedMediaDomain('blob:'); + $csp->allowEvalScript(true); + $response->setContentSecurityPolicy($csp); + } + + return $response; } protected function verifyPassword(string $password): bool { |