diff --git a/controller/documentcontroller.php b/controller/documentcontroller.php
index 23743a64..80ee5219 100644
--- a/controller/documentcontroller.php
+++ b/controller/documentcontroller.php
@@ -62,8 +62,8 @@ class DocumentController extends Controller{
 		]);
 
 		$policy = new ContentSecurityPolicy();
-+		$policy->addAllowedScriptDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $this->settings->getAppValue('documents', 'wopi_url', $_SERVER['SERVER_NAME']));
-+		$policy->addAllowedFrameDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $this->settings->getAppValue('documents', 'wopi_url', $_SERVER['SERVER_NAME']));
++		$policy->addAllowedScriptDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $this->settings->getAppValue('richdocuments', 'wopi_url'));
++		$policy->addAllowedFrameDomain('\'self\' http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.12/jquery.mousewheel.min.js \'unsafe-eval\' ' . $this->settings->getAppValue('richdocuments', 'wopi_url'));
 		$policy->addAllowedConnectDomain('ws://' . $_SERVER['SERVER_NAME'] . ':9980');
 		$policy->addAllowedImageDomain('*');
 		$policy->allowInlineScript(true);
diff --git a/js/documents.js b/js/documents.js
index 95f0ca7c..5b8d16eb 100644
--- a/js/documents.js
+++ b/js/documents.js
@@ -179,22 +179,28 @@ var documentsMain = {
 			$(document.body).prepend(documentsMain.UI.container);
 
 			$('title').text(title + ' - ' + documentsMain.UI.mainTitle);
-			var viewer = window.location.protocol + '//' + window.location.host + '/loleaflet/dist/loleaflet.html?' +
-				'file_path=' + documentsMain.url +
-				'&host=' + 'ws://' + window.location.hostname + ':9980' +
-				'&permission=' + 'view' +
-				'&timestamp=' + '';
 
-			var frame = '<iframe id="loleafletframe" allowfullscreen style="width:100%;height:100%;position:absolute;" src="' + viewer + '"  sandbox="allow-scripts allow-same-origin allow-popups allow-modals"/>';
+			// TODO. wopiurl = get from discovery xml
+			var wopiurl = $('#wopi-url').val() + '/loleaflet/dist/loleaflet.html';
+			var wopisrc = documentsMain.url;
+			var action = wopiurl + '?' + wopisrc;
+			var token = oc_requesttoken;
 
+			var form = '<form id="loleafletform" name="loleafletform" target="loleafletframe" action="' + action + '" method="post">' +
+				   '<input name="access_token" value="' + token + '" type="hidden"/></form>';
+			var frame = '<iframe id="loleafletframe" name= "loleafletframe" allowfullscreen style="width:100%;height:100%;position:absolute;"/>';
+
+			$('#mainContainer').append(form);
 			$('#mainContainer').append(frame);
 			documentsMain.overlay.documentOverlay('hide');
 			$('#loleafletframe').load(function(){
-				var iframe = $('#loleafletframe').contents();
+				// avoid Blocked a frame with origin different domains
+
+				/*var iframe = $('#loleafletframe').contents();
 				iframe.find('#tb_toolbar-up_item_close').click(function() {
 					documentsMain.onClose();
-				});
-				var frameWindow = $('#loleafletframe')[0].contentWindow;
+				});*/
+				/*var frameWindow = $('#loleafletframe')[0].contentWindow;
 				(function() {
 					cloudSuiteOnClick = frameWindow.onClick;
 					frameWindow.onClick = function() {
@@ -203,8 +209,9 @@ var documentsMain = {
 						cloudSuiteOnClick.apply(this, arguments);
 						frameWindow.map.options.doc = documentsMain.url;
 					};
-				})();
+				})();*/
 			});
+			$('#loleafletform').submit();
 		},
 
 		hideEditor : function(){
@@ -499,25 +506,12 @@ var documentsMain = {
 	},
 
 	loadDocument: function() {
-		var url = OC.generateUrl('apps/richdocuments/load/{file_id}', {file_id: documentsMain.fileId});
-		$.post(
-			url,
-			{},
-			function(result) {
-				if (result && result.status === 'error') {
-					if (result.message){
-						documentsMain.IU.notify(result.message);
-					}
-					documentsMain.onEditorShutdown(t('richdocuments', 'Failed to load this document. Please check if it can be opened with an external editor. This might also mean it has been unshared or deleted recently.'));
-					return;
-				}
-
-				documentsMain.url = 'file://' + result.filename;
-				documentsMain.baseName = result.basename;
-
-				documentsMain.UI.showEditor(documentsMain.fileName);
-			}
-		);
+		// Provides access to information about a file and allows
+		// for file-level operations.
+		// HTTP://server/<...>/wopi*/files/<id>
+		var url = window.location.protocol + '//' + window.location.host + OC.generateUrl('apps/documents/wopi/files/{file_id}', {file_id: documentsMain.fileId}, false);
+		documentsMain.url = 'WOPISrc=' + encodeURIComponent(url);
+		documentsMain.UI.showEditor(documentsMain.fileName);
 	},
 
 	saveDocumentBack: function() {
diff --git a/templates/documents.php b/templates/documents.php
index 05dee91a..0c68ed4b 100644
--- a/templates/documents.php
+++ b/templates/documents.php
@@ -50,7 +50,7 @@ script('files', 'jquery.fileupload');
 		</li>
 	</ul>
 </div>
-<input type="hidden" id="wopi-ulr" name="wopi-url" value="<?php p($_['wopi_url']) ?>" />
+<input type="hidden" id="wopi-url" name="wopi-url" value="<?php p($_['wopi_url']) ?>" />
 <input type="hidden" id="webodf-unstable" value="<?php p($_['useUnstable']) ?>" />
 <?php if ($_['enable_previews']): ?>
 <input type="hidden" id="previews_enabled" value="<?php p($_['enable_previews']) ?>" />