author | Joas Schilling <coding@schilljs.com> | 2018-10-22 10:57:55 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2018-10-22 10:57:55 +0200 |
commit | 3febeb6ca71421135fd699374f8c979891b68186 (patch) | |
tree | 4019170fcc6bcb1d0a32f9c45a83e8ed45e18f92 /apps | |
parent | f7538fcc82e1341abac9113131510c50395f34b5 (diff) | |
Use lax CSP when the share is a talk share
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_sharing/lib/Controller/ShareController.php | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 8e9cc5a9636..409762482db 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -35,6 +35,7 @@
 
 namespace OCA\Files_Sharing\Controller;
 
+use OC\Security\CSP\ContentSecurityPolicy;
 use OC_Files;
 use OC_Util;
 use OCA\FederatedFileSharing\FederatedShareProvider;
@@ -158,7 +159,16 @@ class ShareController extends AuthPublicShareController {
 $event = new GenericEvent(null, $templateParameters);
 $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event);
 
- return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ $response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ if ($this->share->getSendPasswordByTalk()) {
+ $csp = new ContentSecurityPolicy();
+ $csp->addAllowedConnectDomain('*');
+ $csp->addAllowedMediaDomain('blob:');
+ $csp->allowEvalScript(true);
+ $response->setContentSecurityPolicy($csp);
+ }
+
+ return $response;
 }
 
 /**
@@ -170,7 +180,16 @@ class ShareController extends AuthPublicShareController {
 $event = new GenericEvent(null, $templateParameters);
 $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event);
 
- return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ $response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ if ($this->share->getSendPasswordByTalk()) {
+ $csp = new ContentSecurityPolicy();
+ $csp->addAllowedConnectDomain('*');
+ $csp->addAllowedMediaDomain('blob:');
+ $csp->allowEvalScript(true);
+ $response->setContentSecurityPolicy($csp);
+ }
+
+ return $response;
 }
 
 protected function verifyPassword(string $password): bool { |
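Review bot: The relaxed policy in the `getSendPasswordByTalk()` branch of the second hunk (`@@ -158,7 +159,16 @@`) is served on the unauthenticated page where the share password is entered, and `allowEvalScript(true)` combined with `addAllowedConnectDomain('*')` removes most of the containment CSP would otherwise give against an injected script on that page. If the Talk call only needs particular endpoints, list those origins instead of `'*'`, and state why eval is needed next to the call, e.g. `// required by the Talk call scripts loaded on this page; remove once they no longer need eval` (reason to be confirmed by the author). The branch keys only on the share flag, so it would presumably loosen the policy even when the Talk app is not enabled; a check for that before building `$csp` would keep the default policy in that case. The same seven lines are repeated in the third hunk (`@@ -170,7 +180,16 @@`), so a single private helper taking the `TemplateResponse` would stop the two copies from drifting apart. Both enclosing methods start outside their hunks, so their names and remaining logic are not visible here.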