documentserver_community
CSP header
In the StaticController, the CSP policy is defined, but the CSP header is not set, so the OO window can't open in Nextcloud.
Fixed it this way:
$csp = new ContentSecurityPolicy();
$csp->addAllowedScriptDomain($this->request->getServerHost());
$csp->addAllowedScriptDomain('\'unsafe-eval\'');
$csp->addAllowedScriptDomain('\'unsafe-inline\'');
$csp->addAllowedFrameDomain($this->request->getServerHost());
$response->setContentSecurityPolicy($csp);
// ADD THIS:
$response->addHeader('Content-Security-Policy', $csp->buildPolicy());
Can't commit because I'm part of this project.
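
A way to check from the response side whether the header described in this report is actually sent and what it permits; this is an added example, not code from the issue or the project. The host name and header values are constructed, and host matching is exact-token only.

```python
# Added example. Host and header values are constructed, not captured from Nextcloud.
HOST = "cloud.example.test"
SENT = {"Content-Security-Policy": "default-src 'none'; "
        f"script-src {HOST} 'unsafe-eval' 'unsafe-inline'; frame-src {HOST}"}
NOT_SENT = {"Content-Type": "text/html; charset=utf-8"}

FALLBACK = {"script-src": ["default-src"], "frame-src": ["child-src", "default-src"]}
UNSAFE = ("'unsafe-inline'", "'unsafe-eval'")


def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers, so keep the first.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective(policy, directive):
    """Sources that apply to a directive, following the CSP fallback chain."""
    for name in [directive] + FALLBACK.get(directive, []):
        if name in policy:
            return policy[name]
    return None  # nothing restricts this resource type


def audit(headers, host):
    """Return findings for one response; an empty list means nothing to report."""
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    value = lowered.get("content-security-policy")
    if value is None:
        return ["no Content-Security-Policy header on the response"]
    policy = parse_csp(value)
    findings = []
    for directive in ("script-src", "frame-src"):
        sources = effective(policy, directive)
        if sources is None:
            continue
        # Simplification: exact host token only, no scheme or wildcard matching.
        if host.lower() not in [s.lower() for s in sources]:
            findings.append(f"{directive} does not list {host}")
    for keyword in UNSAFE:
        if keyword in (effective(policy, "script-src") or []):
            findings.append(f"script-src allows {keyword}")
    return findings
```

The two `script-src allows ...` findings for the constructed `SENT` headers are informational: both keywords are in the policy from the report, and both weaken the protection CSP gives against injected script.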