owncloud
Cannot add csp domain
Hello experts,
I need to add a new domain name to the CSP scripts allowed site, I found OC\lib\Public\AppFramework\Http\ContentSecurityPolicy.php handle this issue(maybe?), I changed the following lines to add my domain name, but even if I restart my OC server, bu no result.
class ContentSecurityPolicy extends EmptyContentSecurityPolicy { /** @var bool Whether inline JS snippets are allowed / protected $inlineScriptAllowed = false; /* * @var bool Whether eval in JS scripts is allowed * TODO: Disallow per default * @link https: / protected $evalScriptAllowed = true; /* @var array Domains from which scripts can get loaded / protected $allowedScriptDomains = [ ''self'', 'x.y.co m', ]; /*
I am trying to setup OC with Onlyoffice on my QNAP NAS, OC use the domain a.b.co m, Onlyoffice use domain x.y.co m.Either OC or Onlyoffice works perfect individually.
But after inegration, I got the following error message:ONLYOFFICE cannot be reached. Please contact admin, and via Chrom console "Refused to load the script 'https x.y.com/web-apps/apps/api/documents/api.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."
If I disabled CSP within Chrome browser, it works perfect. I learnt that from v8.1 csp was not stricted, and users cannot change. but how can I handle this issue
My environment was QNAP NAS with built in owncloud version 10.10.0 (stable)
Not a support forum here, see these for getting such:
- https://central.owncloud.org/
- https://owncloud.com/support
Also please don't cross-post at multiple places, a support question is already open here:
https://central.owncloud.org/t/csp-was-not-changed-even-if-contentsecuritypolicy-php-changed/47023
-> Close as not a bug in ownCloud
