Merge pull request #11974 from nextcloud/bugfix/noid/lax-csp-on-talk-shares
Use lax CSP when the share is a talk share
This commit is contained in:
commit
d11609a152
|
@ -35,6 +35,7 @@
|
||||||
|
|
||||||
namespace OCA\Files_Sharing\Controller;
|
namespace OCA\Files_Sharing\Controller;
|
||||||
|
|
||||||
|
use OC\Security\CSP\ContentSecurityPolicy;
|
||||||
use OC_Files;
|
use OC_Files;
|
||||||
use OC_Util;
|
use OC_Util;
|
||||||
use OCA\FederatedFileSharing\FederatedShareProvider;
|
use OCA\FederatedFileSharing\FederatedShareProvider;
|
||||||
|
@ -158,7 +159,16 @@ class ShareController extends AuthPublicShareController {
|
||||||
$event = new GenericEvent(null, $templateParameters);
|
$event = new GenericEvent(null, $templateParameters);
|
||||||
$this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event);
|
$this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event);
|
||||||
|
|
||||||
return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
|
$response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
|
||||||
|
if ($this->share->getSendPasswordByTalk()) {
|
||||||
|
$csp = new ContentSecurityPolicy();
|
||||||
|
$csp->addAllowedConnectDomain('*');
|
||||||
|
$csp->addAllowedMediaDomain('blob:');
|
||||||
|
$csp->allowEvalScript(true);
|
||||||
|
$response->setContentSecurityPolicy($csp);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -170,7 +180,16 @@ class ShareController extends AuthPublicShareController {
|
||||||
$event = new GenericEvent(null, $templateParameters);
|
$event = new GenericEvent(null, $templateParameters);
|
||||||
$this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event);
|
$this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth', $event);
|
||||||
|
|
||||||
return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
|
$response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
|
||||||
|
if ($this->share->getSendPasswordByTalk()) {
|
||||||
|
$csp = new ContentSecurityPolicy();
|
||||||
|
$csp->addAllowedConnectDomain('*');
|
||||||
|
$csp->addAllowedMediaDomain('blob:');
|
||||||
|
$csp->allowEvalScript(true);
|
||||||
|
$response->setContentSecurityPolicy($csp);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function verifyPassword(string $password): bool {
|
protected function verifyPassword(string $password): bool {
|
||||||
|
|
Loading…
Reference in New Issue