opensourcemirror
/
nextcloud-calendar
mirror of https://github.com/nextcloud/calendar.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #2087 from nextcloud/fix/embeded-csp 

Allow embedding in the CSP
This commit is contained in:
Roeland Jago Douma 2020-03-18 19:22:26 +01:00 committed by GitHub
parent 884d8c3474 c92f57679d
commit 6a94f1c396
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/Controller/PublicViewController.php
View File

@ -23,6 +23,7 @@ declare(strict_types=1);
namespace OCA\Calendar\Controller;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\IConfig;
use OCP\IInitialStateService;
@ -97,6 +98,10 @@ class PublicViewController extends Controller {
$response = $this->publicIndex($token, 'base');
$response->addHeader('X-Frame-Options', 'ALLOW');
$csp = new ContentSecurityPolicy();
$csp->addAllowedFrameAncestorDomain('*');
$response->setContentSecurityPolicy($csp);
return $response;
}