Skip to content

StorageContoroller content security policy prevents serving HTML sites #137

New issue
New issue
Closed
Closed
StorageContoroller content security policy prevents serving HTML sites#137
Milestone
v0.7.3 / v0.8.0
@ylebre

Description

@ylebre
ylebre
opened on Nov 12, 2023

The content security policy for the StorageController is too strict to serve HTML sites.

Adding this:

use OCP\AppFramework\Http\EmptyContentSecurityPolicy;

To the top of the file, and adding a content security policy in the 'respond' function:

                $policy = new EmptyContentSecurityPolicy();
                $policy->addAllowedStyleDomain("*");
                $policy->addAllowedStyleDomain("data:");
                $policy->addAllowedScriptDomain("*");
                $policy->addAllowedImageDomain("*");
                $policy->addAllowedFontDomain("*");
                $policy->addAllowedConnectDomain("*");
                $policy->allowInlineStyle(true);
                $policy->allowInlineScript(true);
                $policy->allowEvalScript(true);
                $result->setContentSecurityPolicy($policy);

will allow simply-present to work on solid-nextcloud.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions