Compare commits

...

4 Commits

@ -49,7 +49,12 @@ if (class_exists('\OC\Files\Type\TemplateManager')) {
}
// Whitelist the wopi URL for iframes, required for Firefox
$wopiUrl = str_replace("hostname.host", $_SERVER["HTTP_HOST"], \OC::$server->getConfig()->getAppValue('richdocuments', 'wopi_url'));
$replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
// Use plain HTTP for .onion/TOR
if (strpos($replaceWith, ".onion") !== FALSE) {
$replaceWith = str_replace("https://", "http://", $replaceWith);
}
$wopiUrl = $replaceWith;
if ($wopiUrl !== '') {
$manager = \OC::$server->getContentSecurityPolicyManager();
$policy = new ContentSecurityPolicy();

@ -5,7 +5,7 @@
<description>Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that.</description>
<summary>Edit office documents directly in your browser.</summary>
<licence>AGPL</licence>
<version>9999_1.12.34_dontsellme</version>
<version>1.12.34_dontsellme</version>
<author>Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk</author>
<bugs>https://github.com/nextcloud/richdocuments/issues</bugs>
<repository type="git">https://github.com/nextcloud/richdocuments.git</repository>

@ -129,7 +129,12 @@ class DocumentController extends Controller {
$response = new TemplateResponse('richdocuments', 'documents', $params, 'empty');
$policy = new ContentSecurityPolicy();
$policy->addAllowedFrameDomain(str_replace("hostname.host", $_SERVER["HTTP_HOST"], $this->appConfig->getAppValue('wopi_url')));
$replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
// Use plain HTTP for .onion/TOR
if (strpos($replaceWith, ".onion") !== FALSE) {
$replaceWith = str_replace("https://", "http://", $replaceWith);
}
$policy->addAllowedFrameDomain($replaceWith);
$policy->allowInlineScript(true);
$response->setContentSecurityPolicy($policy);
return $response;
@ -192,7 +197,12 @@ class DocumentController extends Controller {
$response = new TemplateResponse('richdocuments', 'documents', $params, 'empty');
$policy = new ContentSecurityPolicy();
$policy->addAllowedFrameDomain(str_replace("hostname.host", $_SERVER["HTTP_HOST"], $this->appConfig->getAppValue('wopi_url')));
$replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
// Use plain HTTP for .onion/TOR
if (strpos($replaceWith, ".onion") !== FALSE) {
$replaceWith = str_replace("https://", "http://", $replaceWith);
}
$policy->addAllowedFrameDomain($replaceWith);
$policy->allowInlineScript(true);
$response->setContentSecurityPolicy($policy);
return $response;

@ -89,6 +89,12 @@ class DiscoveryManager {
$responseBody = $response->getBody();
$replaceWith = str_replace("hostname.host", $_SERVER['HTTP_HOST'], $this->config->getAppValue('richdocuments', 'wopi_url'));
// Use plain HTTP for .onion/TOR
if (strpos($replaceWith, ".onion") !== FALSE) {
$replaceWith = str_replace("https://", "http://", $replaceWith);
}
$responseBodyMangled = str_replace($this->config->getAppValue('richdocuments', 'wopi_internal_url'), $replaceWith, $responseBody);
// Skylar: Disable saving too, we don't need it if we're not loading ever
/*$file->putContent(

Loading…
Cancel
Save