From 7f7c41fb566d1a613f6b9f35a62a4ec1eba906c5 Mon Sep 17 00:00:00 2001 From: Henry Castro Date: Tue, 27 Oct 2015 23:12:41 -0400 Subject: [PATCH] cloudsuite: add showLOleaflet method --- controller/documentcontroller.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/controller/documentcontroller.php b/controller/documentcontroller.php index 60fb1ab0..cdb6d35b 100644 --- a/controller/documentcontroller.php +++ b/controller/documentcontroller.php @@ -206,4 +206,29 @@ class DocumentController extends Controller{ 'status' => 'success', 'documents' => $documents,'sessions' => $sessions,'members' => $members ); } + + /** + * @PublicPage + * @NoCSRFRequired + * + * @return TemplateResponse + */ + public function showLOleaflet() { + $params = [ + 'urlGenerator' => $this->urlGenerator + ]; + $response = new TemplateResponse($this->appName, '3rdparty/cloudsuite/assets/cloudsuite', $params, 'blank'); + + $policy = new ContentSecurityPolicy(); + $policy->addAllowedChildSrcDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\''); + $policy->addAllowedScriptDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\''); + $policy->addAllowedFrameDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\''); + $policy->addAllowedConnectDomain('ws://' . $_SERVER['SERVER_NAME'] . ':9980'); + $policy->addAllowedImageDomain('*'); + $policy->allowInlineScript(true); + $policy->addAllowedFontDomain('data:'); + $response->setContentSecurityPolicy($policy); + + return $response; + } }