wsd/FileServer.cpp | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
New commits:
commit abe010905d35d261e2c9c3d7f1e21a962323e722
Author: Pranav Kant <pran...@collabora.co.uk>
Date: Tue Jun 6 17:36:47 2017 +0530
CSP - allow WOPI host as image sources
This is needed to avoid CSP error when loading the avatar image URL from
the WOPI hosts.
Change-Id: I6bd8bd846f81bc799192e7fbc16b2d7ecc9f555e
(cherry picked from commit 2d0ec13249851756eb320f004850cc25d98f1acc)
Reviewed-on: https://gerrit.libreoffice.org/38442
Reviewed-by: Jan Holesovsky <ke...@collabora.com>
Tested-by: Jan Holesovsky <ke...@collabora.com>
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index 058f6816..7c975d1b 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -390,8 +390,7 @@ void FileServerRequestHandler::preprocessFile(const
HTTPRequest& request, Poco::
<< "connect-src 'self' " << host << "; "
<< "script-src 'unsafe-inline' 'self'; "
<< "style-src 'self' 'unsafe-inline'; "
- << "font-src 'self' data:; "
- << "img-src 'self' data:; ";
+ << "font-src 'self' data:; ";
std::string frameAncestor;
const auto it = request.find("Referer"); // Referer[sic]
@@ -423,12 +422,14 @@ void FileServerRequestHandler::preprocessFile(const
HTTPRequest& request, Poco::
// Replaced by frame-ancestors in CSP but some oldies don't know about
that
oss << "X-Frame-Options: allow-from " << frameAncestor << "\r\n";
- cspOss << "frame-ancestors " << frameAncestor;
+ cspOss << "img-src 'self' data: " << frameAncestor << "; "
+ << "frame-ancestors " << frameAncestor;
}
else
{
LOG_TRC("Denied frame ancestor: " << frameAncestor);
+ cspOss << "img-src 'self' data: ;";
oss << "X-Frame-Options: deny\r\n";
}
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
