search

pdsinterop / solid-nextcloud

A plugin to make Nextcloud compatible with Solid
https://pdsinterop.org/solid-nextcloud/
MIT License
71 stars 11 forks source link

StorageContoroller content security policy prevents serving HTML sites #137

Closed ylebre closed 5 months ago

ylebre commented 7 months ago

The content security policy for the StorageController is too strict to serve HTML sites.

Adding this:

use OCP\AppFramework\Http\EmptyContentSecurityPolicy;

To the top of the file, and adding a content security policy in the 'respond' function:

                $policy = new EmptyContentSecurityPolicy();
                $policy->addAllowedStyleDomain("*");
                $policy->addAllowedStyleDomain("data:");
                $policy->addAllowedScriptDomain("*");
                $policy->addAllowedImageDomain("*");
                $policy->addAllowedFontDomain("*");
                $policy->addAllowedConnectDomain("*");
                $policy->allowInlineStyle(true);
                $policy->allowInlineScript(true);
                $policy->allowEvalScript(true);
                $result->setContentSecurityPolicy($policy);

will allow simply-present to work on solid-nextcloud.

ylebre commented 5 months ago

Fixed in https://github.com/pdsinterop/solid-nextcloud/commit/23613edc5e7f379f628d28079be7cc4a277d841e