DontSellMe/richdocuments
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Maybe fix things with .onion...

Browse Source
This commit is contained in:
Skylar Ittner 2017-09-07 20:27:00 -06:00
parent 06aba96872
commit ecd02e13db
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
appinfo/app.php
View File

@ -49,7 +49,12 @@ if (class_exists('\OC\Files\Type\TemplateManager')) {
} }
// Whitelist the wopi URL for iframes, required for Firefox // Whitelist the wopi URL for iframes, required for Firefox
$wopiUrl = str_replace("hostname.host", $_SERVER["HTTP_HOST"], \OC::$server->getConfig()->getAppValue('richdocuments', 'wopi_url')); $replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
// Use plain HTTP for .onion/TOR
if (strpos($replaceWith, ".onion") !== FALSE) {
$replaceWith = str_replace("https://", "http://", $replaceWith);
}
$wopiUrl = $replaceWith;
if ($wopiUrl !== '') { if ($wopiUrl !== '') {
$manager = \OC::$server->getContentSecurityPolicyManager(); $manager = \OC::$server->getContentSecurityPolicyManager();
$policy = new ContentSecurityPolicy(); $policy = new ContentSecurityPolicy();

14
lib/Controller/DocumentController.php
View File

@ -129,7 +129,12 @@ class DocumentController extends Controller {
$response = new TemplateResponse('richdocuments', 'documents', $params, 'empty'); $response = new TemplateResponse('richdocuments', 'documents', $params, 'empty');
$policy = new ContentSecurityPolicy(); $policy = new ContentSecurityPolicy();
$policy->addAllowedFrameDomain(str_replace("hostname.host", $_SERVER["HTTP_HOST"], $this->appConfig->getAppValue('wopi_url'))); $replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
// Use plain HTTP for .onion/TOR
if (strpos($replaceWith, ".onion") !== FALSE) {
$replaceWith = str_replace("https://", "http://", $replaceWith);
}
$policy->addAllowedFrameDomain($replaceWith);
$policy->allowInlineScript(true); $policy->allowInlineScript(true);
$response->setContentSecurityPolicy($policy); $response->setContentSecurityPolicy($policy);
return $response; return $response;
@ -192,7 +197,12 @@ class DocumentController extends Controller {
$response = new TemplateResponse('richdocuments', 'documents', $params, 'empty'); $response = new TemplateResponse('richdocuments', 'documents', $params, 'empty');
$policy = new ContentSecurityPolicy(); $policy = new ContentSecurityPolicy();
$policy->addAllowedFrameDomain(str_replace("hostname.host", $_SERVER["HTTP_HOST"], $this->appConfig->getAppValue('wopi_url'))); $replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
// Use plain HTTP for .onion/TOR
if (strpos($replaceWith, ".onion") !== FALSE) {
$replaceWith = str_replace("https://", "http://", $replaceWith);
}
$policy->addAllowedFrameDomain($replaceWith);
$policy->allowInlineScript(true); $policy->allowInlineScript(true);
$response->setContentSecurityPolicy($policy); $response->setContentSecurityPolicy($policy);
return $response; return $response;