Allow 2FA providers to specify their custom CSP
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
parent
cfe5d35862
commit
6676232a56
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -29,6 +30,7 @@ use OC_Util;
|
|||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\Authentication\TwoFactorAuth\IProvidesCustomCSP;
|
||||
use OCP\Authentication\TwoFactorAuth\TwoFactorException;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
|
@ -135,7 +137,11 @@ class TwoFactorChallengeController extends Controller {
|
|||
'redirect_url' => $redirect_url,
|
||||
'template' => $tmpl->fetchPage(),
|
||||
];
|
||||
return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
|
||||
$response = new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
|
||||
if ($provider instanceof IProvidesCustomCSP) {
|
||||
$response->setContentSecurityPolicy($provider->getCSP());
|
||||
}
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCP\Authentication\TwoFactorAuth;
|
||||
|
||||
use OCP\AppFramework\Http\ContentSecurityPolicy;
|
||||
|
||||
/**
|
||||
* @since 13.0.0
|
||||
*/
|
||||
interface IProvidesCustomCSP {
|
||||
|
||||
/**
|
||||
* @return ContentSecurityPolicy
|
||||
*
|
||||
* @since 13.0.0
|
||||
*/
|
||||
public function getCSP();
|
||||
}
|
Loading…
Reference in New Issue