[Libreoffice-commits] online.git: wsd/FileServer.cpp
Pranav Kant
pranavk at collabora.co.uk
Tue Jun 6 12:08:02 UTC 2017
wsd/FileServer.cpp | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
New commits:
commit 2d0ec13249851756eb320f004850cc25d98f1acc
Author: Pranav Kant <pranavk at collabora.co.uk>
Date: Tue Jun 6 17:36:47 2017 +0530
CSP - allow WOPI host as image sources
This is needed to avoid CSP error when loading the avatar image URL from
the WOPI hosts.
Change-Id: I6bd8bd846f81bc799192e7fbc16b2d7ecc9f555e
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index 18a82f5c..076b405c 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -518,8 +518,7 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco::
<< "connect-src 'self' " << host << "; "
<< "script-src 'unsafe-inline' 'self'; "
<< "style-src 'self' 'unsafe-inline'; "
- << "font-src 'self' data:; "
- << "img-src 'self' data:; ";
+ << "font-src 'self' data:; ";
std::string frameAncestor;
const auto it = request.find("Referer"); // Referer[sic]
@@ -551,12 +550,14 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco::
// Replaced by frame-ancestors in CSP but some oldies don't know about that
oss << "X-Frame-Options: allow-from " << frameAncestor << "\r\n";
- cspOss << "frame-ancestors " << frameAncestor;
+ cspOss << "img-src 'self' data: " << frameAncestor << "; "
+ << "frame-ancestors " << frameAncestor;
}
else
{
LOG_TRC("Denied frame ancestor: " << frameAncestor);
+ cspOss << "img-src 'self' data: ;";
oss << "X-Frame-Options: deny\r\n";
}
More information about the Libreoffice-commits
mailing list