mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add custom CSP for Win 10 compatibility 

The default content-security-policy of ownCloud forbids inline
JavaScript for security reasons. IE starting on Windows 10 will
however also obey the CSP which will break the event source fallback.
As a workaround thus we set a custom policy which allows the execution
of inline JavaScript.

This fixes https://github.com/owncloud/core/issues/14286
This commit is contained in:
Lukas Reschke 2015-07-21 20:40:32 +02:00
parent 2d691c2fb4
commit 874ccbfb81
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/private/eventsource.php
View File

@ -59,6 +59,17 @@ class OC_EventSource implements \OCP\IEventSource {
$this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
if ($this->fallback) {
$this->fallBackId = (int)$_GET['fallback_id'];
/**
* FIXME: The default content-security-policy of ownCloud forbids inline
* JavaScript for security reasons. IE starting on Windows 10 will
* however also obey the CSP which will break the event source fallback.
*
* As a workaround thus we set a custom policy which allows the execution
* of inline JavaScript.
*
* @link https://github.com/owncloud/core/issues/14286
*/
header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'");
header("Content-Type: text/html");
echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy
} else {