Commit cf25e6f5 authored by Lukas Reschke's avatar Lukas Reschke
Browse files

Merge pull request #14773 from owncloud/allow-iframes-from-self-in-share-view

Allow iframes from same domain in share view
parents dbade193 48243a29
......@@ -203,7 +203,12 @@ class ShareController extends Controller {
$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token));
$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
return new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
$csp = new OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedFrameDomain('\'self\'');
$response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
$response->setContentSecurityPolicy($csp);
return $response;
}
/**
......
......@@ -159,7 +159,12 @@ class ShareControllerTest extends \Test\TestCase {
'nonHumanFileSize' => 33,
'maxSizeAnimateGif' => 10,
);
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
$csp->addAllowedFrameDomain('\'self\'');
$expectedResponse = new TemplateResponse($this->container['AppName'], 'public', $sharedTmplParams, 'base');
$expectedResponse->setContentSecurityPolicy($csp);
$this->assertEquals($expectedResponse, $response);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment