From 8aaab0dbadf1798bdc11e8fefddad01cf23e1892 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Wed, 2 Dec 2015 17:30:40 +0100 Subject: Allow framing 'self' This is required by the pdf viewer, since the files app on master uses the AppFramework it had applied the more strict defaults which made it not work on master. --- apps/files/controller/viewcontroller.php | 8 +++++++- apps/files/tests/controller/ViewControllerTest.php | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'apps/files') diff --git a/apps/files/controller/viewcontroller.php b/apps/files/controller/viewcontroller.php index 1d1a9111d19..d9c59592863 100644 --- a/apps/files/controller/viewcontroller.php +++ b/apps/files/controller/viewcontroller.php @@ -23,6 +23,7 @@ namespace OCA\Files\Controller; use OC\AppFramework\Http\Request; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\ContentSecurityPolicy; use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\TemplateResponse; use OCP\IL10N; @@ -215,10 +216,15 @@ class ViewController extends Controller { $params['appContents'] = $contentItems; $this->navigationManager->setActiveEntry('files_index'); - return new TemplateResponse( + $response = new TemplateResponse( $this->appName, 'index', $params ); + $policy = new ContentSecurityPolicy(); + $policy->addAllowedFrameDomain('\'self\''); + $response->setContentSecurityPolicy($policy); + + return $response; } } diff --git a/apps/files/tests/controller/ViewControllerTest.php b/apps/files/tests/controller/ViewControllerTest.php index 028dfce8c58..0e8ab5e752d 100644 --- a/apps/files/tests/controller/ViewControllerTest.php +++ b/apps/files/tests/controller/ViewControllerTest.php @@ -245,6 +245,9 @@ class ViewControllerTest extends TestCase { ], ] ); + $policy = new Http\ContentSecurityPolicy(); + $policy->addAllowedFrameDomain('\'self\''); + $expected->setContentSecurityPolicy($policy); $this->assertEquals($expected, $this->viewController->index('MyDir', 'MyView')); } } -- cgit v1.2.3