-rw-r--r--apps/files_sharing/lib/controllers/sharecontroller.php7
-rw-r--r--apps/files_sharing/tests/controller/sharecontroller.php5
2 files changed, 11 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/controllers/sharecontroller.php b/apps/files_sharing/lib/controllers/sharecontroller.php
index 2e23ac5908e..ebc54265bf0 100644
--- a/apps/files_sharing/lib/controllers/sharecontroller.php
+++ b/apps/files_sharing/lib/controllers/sharecontroller.php
@@ -203,7 +203,12 @@ class ShareController extends Controller {
$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token));
$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
- return new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
+ $csp = new OCP\AppFramework\Http\ContentSecurityPolicy();
+ $csp->addAllowedFrameDomain('\'self\'');
+ $response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
+ $response->setContentSecurityPolicy($csp);
+
+ return $response;
}
/**
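Review bot: The added `new OCP\AppFramework\Http\ContentSecurityPolicy()` in the controller has no leading backslash, while the test file's version of the same line uses `\OCP\AppFramework\Http\ContentSecurityPolicy`; if this file declares a namespace and does not import `OCP` (neither is visible in the hunk), the name resolves relative to that namespace and the public share page fails with a class-not-found error. Writing it as `$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();` removes the dependency on the import block. The call `addAllowedFrameDomain('\'self\'')` also loosens the policy on a page served to unauthenticated visitors without saying why. A comment such as `// Same-origin frames are required by the viewers embedded in the public share page` (wording to be confirmed against the actual consumer) would let a later reviewer judge whether the relaxation is still needed. The method body starts outside the hunk.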
diff --git a/apps/files_sharing/tests/controller/sharecontroller.php b/apps/files_sharing/tests/controller/sharecontroller.php
index 173f606e188..81e60b03cdc 100644
--- a/apps/files_sharing/tests/controller/sharecontroller.php
+++ b/apps/files_sharing/tests/controller/sharecontroller.php
@@ -159,7 +159,12 @@ class ShareControllerTest extends \Test\TestCase {
'nonHumanFileSize' => 33,
'maxSizeAnimateGif' => 10,
);
+
+ $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
+ $csp->addAllowedFrameDomain('\'self\'');
$expectedResponse = new TemplateResponse($this->container['AppName'], 'public', $sharedTmplParams, 'base');
+ $expectedResponse->setContentSecurityPolicy($csp);
+
$this->assertEquals($expectedResponse, $response);
}