diff options
author | Bernhard Posselt <Raydiation@users.noreply.github.com> | 2015-03-30 19:40:07 +0200 |
---|---|---|
committer | Bernhard Posselt <Raydiation@users.noreply.github.com> | 2015-03-30 19:40:07 +0200 |
commit | 05985bc2965f8a332e98121050ba1f07343bbc0f (patch) | |
tree | 96ca5d59b7ce3c9d3678dd95d8595145d1d5df08 /controller/pagecontroller.php | |
parent | eb7fc97f33cadcf041a06915b8f1650a9b4f6bbb (diff) | |
parent | ee3d2332ec97487893ae5f1f46b599c550b25eb6 (diff) |
Merge pull request #751 from owncloud/next
Changes for 8.1
Diffstat (limited to 'controller/pagecontroller.php')
-rw-r--r-- | controller/pagecontroller.php | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/controller/pagecontroller.php b/controller/pagecontroller.php index 88e3c9016..5768549c6 100644 --- a/controller/pagecontroller.php +++ b/controller/pagecontroller.php @@ -13,13 +13,14 @@ namespace OCA\News\Controller; -use OCP\AppFramework\Http\TemplateResponse; -use OCP\AppFramework\Http\JSONResponse; use OCP\IRequest; use OCP\IConfig; use OCP\IL10N; use OCP\IURLGenerator; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\TemplateResponse; +use OCP\AppFramework\Http\JSONResponse; +use OCP\AppFramework\Http\ContentSecurityPolicy; use OCA\News\Service\StatusService; use OCA\News\Config\AppConfig; @@ -70,17 +71,15 @@ class PageController extends Controller { 'cronWarning' => $status['warnings']['improperlyConfiguredCron'] ]); - // set csp rules for ownCloud 8.1 - if (class_exists('OCP\AppFramework\Http\ContentSecurityPolicy')) { - $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy(); - $csp->addAllowedImageDomain('*'); - $csp->addAllowedMediaDomain('*'); - $csp->addAllowedFrameDomain('https://youtube.com'); - $csp->addAllowedFrameDomain('https://www.youtube.com'); - $csp->addAllowedFrameDomain('https://player.vimeo.com'); - $csp->addAllowedFrameDomain('https://www.player.vimeo.com'); - $response->setContentSecurityPolicy($csp); - } + $csp = new ContentSecurityPolicy(); + $csp->addAllowedImageDomain('*') + ->addAllowedMediaDomain('*') + ->addAllowedConnectDomain('*') // chrome breaks on audio elements + ->addAllowedFrameDomain('https://youtube.com') + ->addAllowedFrameDomain('https://www.youtube.com') + ->addAllowedFrameDomain('https://player.vimeo.com') + ->addAllowedFrameDomain('https://www.player.vimeo.com'); + $response->setContentSecurityPolicy($csp); return $response; } |