From ecd02e13dbd41533006d1e275db9aed56479e7a1 Mon Sep 17 00:00:00 2001
From: Skylar Ittner <admin@netsyms.com>
Date: Thu, 7 Sep 2017 20:27:00 -0600
Subject: [PATCH] Maybe fix things with .onion...

---
 appinfo/app.php                       |  7 ++++++-
 lib/Controller/DocumentController.php | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/appinfo/app.php b/appinfo/app.php
index d747b5fc..bc90f651 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -49,7 +49,12 @@ if (class_exists('\OC\Files\Type\TemplateManager')) {
 }
 
 // Whitelist the wopi URL for iframes, required for Firefox
-$wopiUrl = str_replace("hostname.host", $_SERVER["HTTP_HOST"], \OC::$server->getConfig()->getAppValue('richdocuments', 'wopi_url'));
+$replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
+// Use plain HTTP for .onion/TOR
+if (strpos($replaceWith, ".onion") !== FALSE) {
+    $replaceWith = str_replace("https://", "http://", $replaceWith);
+}
+$wopiUrl = $replaceWith;
 if ($wopiUrl !== '') {
 	$manager = \OC::$server->getContentSecurityPolicyManager();
 	$policy = new ContentSecurityPolicy();
diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
index 83b997d0..05c6f68a 100644
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -129,7 +129,12 @@ class DocumentController extends Controller {
 
 			$response = new TemplateResponse('richdocuments', 'documents', $params, 'empty');
 			$policy = new ContentSecurityPolicy();
-			$policy->addAllowedFrameDomain(str_replace("hostname.host", $_SERVER["HTTP_HOST"], $this->appConfig->getAppValue('wopi_url')));
+                        $replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
+                        // Use plain HTTP for .onion/TOR
+                        if (strpos($replaceWith, ".onion") !== FALSE) {
+                            $replaceWith = str_replace("https://", "http://", $replaceWith);
+                        }
+			$policy->addAllowedFrameDomain($replaceWith);
 			$policy->allowInlineScript(true);
 			$response->setContentSecurityPolicy($policy);
 			return $response;
@@ -192,7 +197,12 @@ class DocumentController extends Controller {
 
 				$response = new TemplateResponse('richdocuments', 'documents', $params, 'empty');
 				$policy = new ContentSecurityPolicy();
-				$policy->addAllowedFrameDomain(str_replace("hostname.host", $_SERVER["HTTP_HOST"], $this->appConfig->getAppValue('wopi_url')));
+                                $replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
+                                // Use plain HTTP for .onion/TOR
+                                if (strpos($replaceWith, ".onion") !== FALSE) {
+                                    $replaceWith = str_replace("https://", "http://", $replaceWith);
+                                }
+				$policy->addAllowedFrameDomain($replaceWith);
 				$policy->allowInlineScript(true);
 				$response->setContentSecurityPolicy($policy);
 				return $response;