コード例 #1
0
 /**
  * @PublicPage
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function showReader()
 {
     $params = ['urlGenerator' => $this->urlGenerator];
     $response = new TemplateResponse($this->appName, 'reader', $params, 'blank');
     $csp = new ContentSecurityPolicy();
     $csp->addAllowedChildSrcDomain('\'self\'');
     $csp->addAllowedFrameDomain('\'self\'');
     $csp->addAllowedStyleDomain('blob:');
     $csp->addAllowedImageDomain('blob:');
     $response->setContentSecurityPolicy($csp);
     return $response;
 }
コード例 #2
0
 /**
  * @PublicPage
  * @NoCSRFRequired
  *
  * @return TemplateResponse
  */
 public function showLibreOnline()
 {
     $params = ['urlGenerator' => $this->urlGenerator];
     $response = new TemplateResponse($this->appName, 'online', $params, 'blank');
     $policy = new ContentSecurityPolicy();
     $policy->addAllowedChildSrcDomain('*');
     $policy->addAllowedScriptDomain("*");
     $policy->addAllowedConnectDomain("*");
     $policy->addAllowedStyleDomain("*");
     $policy->addAllowedMediaDomain("*");
     $policy->addAllowedFontDomain('*');
     $policy->addAllowedImageDomain('*');
     $policy->addAllowedFrameDomain('*');
     $policy->addAllowedObjectDomain('*');
     $policy->allowInlineScript(True);
     $policy->allowInlineStyle(True);
     $policy->allowEvalScript(True);
     $response->setContentSecurityPolicy($policy);
     return $response;
 }
コード例 #3
0
 public function testGetPolicyStyleAllowInlineWithDomain()
 {
     $expectedPolicy = "default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self';font-src 'self';connect-src 'self';media-src 'self'";
     $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
     $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
 }