|
|
|
@ -129,7 +129,12 @@ class DocumentController extends Controller {
|
|
|
|
|
|
|
|
|
|
$response = new TemplateResponse('richdocuments', 'documents', $params, 'empty');
|
|
|
|
|
$policy = new ContentSecurityPolicy();
|
|
|
|
|
$policy->addAllowedFrameDomain(str_replace("hostname.host", $_SERVER["HTTP_HOST"], $this->appConfig->getAppValue('wopi_url')));
|
|
|
|
|
$replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
|
|
|
|
|
// Use plain HTTP for .onion/TOR
|
|
|
|
|
if (strpos($replaceWith, ".onion") !== FALSE) {
|
|
|
|
|
$replaceWith = str_replace("https://", "http://", $replaceWith);
|
|
|
|
|
}
|
|
|
|
|
$policy->addAllowedFrameDomain($replaceWith);
|
|
|
|
|
$policy->allowInlineScript(true);
|
|
|
|
|
$response->setContentSecurityPolicy($policy);
|
|
|
|
|
return $response;
|
|
|
|
@ -192,7 +197,12 @@ class DocumentController extends Controller {
|
|
|
|
|
|
|
|
|
|
$response = new TemplateResponse('richdocuments', 'documents', $params, 'empty');
|
|
|
|
|
$policy = new ContentSecurityPolicy();
|
|
|
|
|
$policy->addAllowedFrameDomain(str_replace("hostname.host", $_SERVER["HTTP_HOST"], $this->appConfig->getAppValue('wopi_url')));
|
|
|
|
|
$replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
|
|
|
|
|
// Use plain HTTP for .onion/TOR
|
|
|
|
|
if (strpos($replaceWith, ".onion") !== FALSE) {
|
|
|
|
|
$replaceWith = str_replace("https://", "http://", $replaceWith);
|
|
|
|
|
}
|
|
|
|
|
$policy->addAllowedFrameDomain($replaceWith);
|
|
|
|
|
$policy->allowInlineScript(true);
|
|
|
|
|
$response->setContentSecurityPolicy($policy);
|
|
|
|
|
return $response;
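Review bot: The `.onion` test in both hunks is a substring match on the whole URL, so `strpos($replaceWith, ".onion")` also fires for a path segment or for a host such as `x.onion.example.com`, and the CSP frame source is then rewritten to plain HTTP for a host that is not an onion service. Because `$_SERVER['HTTP_HOST']` comes from the request and is substituted for `hostname.host`, the string being tested is partly client-supplied whenever `wopi_url` uses that placeholder; whether a trusted-domain check has already constrained it is not visible in these hunks. I would test the parsed host only: `$host = parse_url($replaceWith, PHP_URL_HOST);` followed by `if (is_string($host) && substr(strtolower($host), -6) === '.onion') {`. The same block is repeated verbatim in the second hunk, so a private helper that returns the frame domain would keep the two copies from drifting apart. Both enclosing methods start and end outside the hunks.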
|
|
|
|
|