From 9c538dfad30c8ba5bc654a9872cae514dcafdc2e Mon Sep 17 00:00:00 2001 From: Julien Veyssier Date: Wed, 24 Feb 2021 10:13:31 +0100 Subject: [PATCH] refs #6 attempt to make sure csp lets the frame be Signed-off-by: Julien Veyssier --- appinfo/info.xml | 2 +- lib/AppInfo/Application.php | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/appinfo/info.xml b/appinfo/info.xml index 7e78b97..649b29f 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -8,7 +8,7 @@ This app integrates Spacedeck whiteboard server. It lets Nextcloud users create `.whiteboard` files which can then be opened in the Files app and in Talk. Those files can be shared to other users or via public links. Everyone having access to such a file can edit it collaboratively.]]> - 0.0.13 + 0.0.14 agpl Julien Veyssier Spacedeck diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index 2d240e4..f1af23e 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -50,6 +50,8 @@ public function __construct(array $urlParams = []) { $spacedeckUrl = $container->getServer()->getConfig()->getAppValue(self::APP_ID, 'base_url', DEFAULT_SPACEDECK_URL); if ($spacedeckUrl !== DEFAULT_SPACEDECK_URL) { $this->updateCSP($spacedeckUrl); + } else { + $this->updateCSP(); } } @@ -73,13 +75,16 @@ private function loadFilesScripts() { /** * this might have been necessary in the past */ - public function updateCSP(string $url) { + public function updateCSP(string $url = '') { $container = $this->getContainer(); $cspManager = $container->getServer()->getContentSecurityPolicyManager(); $policy = new ContentSecurityPolicy(); $policy->addAllowedFrameDomain('\'self\''); - $policy->addAllowedFrameDomain($url); + $policy->addAllowedFrameAncestorDomain('\'self\''); + if ($url) { + $policy->addAllowedFrameDomain($url); + } $cspManager->addDefaultPolicy($policy); }
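Review bot: The new `else` branch in `__construct` makes the app merge its policy into the default CSP on every request, including installs that never changed `base_url`, so the relaxation is no longer limited to instances with an external Spacedeck server. If that is intended, the two branches can collapse into one call, `$this->updateCSP($spacedeckUrl !== DEFAULT_SPACEDECK_URL ? $spacedeckUrl : '');`, with a comment saying why the policy is needed in the default case too. The constructor begins above this hunk, so whether it runs only for this app's own routes cannot be told from here.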
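Review bot: In `updateCSP` the admin-configured `base_url` still reaches `addAllowedFrameDomain` verbatim, because `if ($url)` only filters out empty values; a bare scheme or a wildcard host would be merged as-is into the policy that `addDefaultPolicy` registers. Reducing the value to a validated http(s) origin first keeps `frame-src` as narrow as the embed needs. The docblock above the method (`this might have been necessary in the past`) no longer matches the code now that the constructor always calls it, and should say what the method allows and why. Whether `addAllowedFrameAncestorDomain('\'self\'')` changes anything depends on the server's base policy, which is not visible here, so it is worth confirming that it actually fixes the blocked frame from issue #6.

```php
public function updateCSP(string $url = '') {
	// … unchanged: container/manager lookup, 'self' frame-src and frame-ancestors …
	$parts = $url !== '' ? parse_url($url) : false;
	if (is_array($parts)
		&& isset($parts['scheme'], $parts['host'])
		&& in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
		// Allow only the origin (scheme://host[:port]), never the raw configured string.
		$origin = strtolower($parts['scheme']) . '://' . $parts['host']
			. (isset($parts['port']) ? ':' . $parts['port'] : '');
		$policy->addAllowedFrameDomain($origin);
	}
	// … unchanged: addDefaultPolicy call …
```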