From 8aaab0dbadf1798bdc11e8fefddad01cf23e1892 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Wed, 2 Dec 2015 17:30:40 +0100 Subject: [PATCH] Allow framing 'self' This is required by the pdf viewer, since the files app on master uses the AppFramework it had applied the more strict defaults which made it not work on master. --- apps/files/controller/viewcontroller.php | 8 +++++++- apps/files/tests/controller/ViewControllerTest.php | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/apps/files/controller/viewcontroller.php b/apps/files/controller/viewcontroller.php index 1d1a9111d1..d9c5959286 100644 --- a/apps/files/controller/viewcontroller.php +++ b/apps/files/controller/viewcontroller.php @@ -23,6 +23,7 @@ namespace OCA\Files\Controller; use OC\AppFramework\Http\Request; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\ContentSecurityPolicy; use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\TemplateResponse; use OCP\IL10N; @@ -215,10 +216,15 @@ class ViewController extends Controller { $params['appContents'] = $contentItems; $this->navigationManager->setActiveEntry('files_index'); - return new TemplateResponse( + $response = new TemplateResponse( $this->appName, 'index', $params ); + $policy = new ContentSecurityPolicy(); + $policy->addAllowedFrameDomain('\'self\''); + $response->setContentSecurityPolicy($policy); + + return $response; } } diff --git a/apps/files/tests/controller/ViewControllerTest.php b/apps/files/tests/controller/ViewControllerTest.php index 028dfce8c5..0e8ab5e752 100644 --- a/apps/files/tests/controller/ViewControllerTest.php +++ b/apps/files/tests/controller/ViewControllerTest.php @@ -245,6 +245,9 @@ class ViewControllerTest extends TestCase { ], ] ); + $policy = new Http\ContentSecurityPolicy(); + $policy->addAllowedFrameDomain('\'self\''); + $expected->setContentSecurityPolicy($policy); $this->assertEquals($expected, $this->viewController->index('MyDir', 'MyView')); } }