/**
 * Renders the reader template inside the 'blank' layout and attaches a
 * content security policy that additionally permits blob: URLs for styles
 * and images and same-origin child/frame sources.
 *
 * @PublicPage
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function showReader() {
    $templateResponse = new TemplateResponse(
        $this->appName,
        'reader',
        ['urlGenerator' => $this->urlGenerator],
        'blank'
    );

    // blob: object URLs are what the in-browser reader builds for its
    // generated stylesheets and page images.
    $policy = new ContentSecurityPolicy();
    $policy->addAllowedStyleDomain('blob:');
    $policy->addAllowedImageDomain('blob:');

    // NOTE(review): the quoted keyword is passed as a plain "domain" string
    // and is emitted verbatim into child-src/frame-src; presumably the
    // policy defaults already contain 'self' for these directives — confirm.
    $sameOrigin = "'self'";
    $policy->addAllowedChildSrcDomain($sameOrigin);
    $policy->addAllowedFrameDomain($sameOrigin);

    $templateResponse->setContentSecurityPolicy($policy);

    return $templateResponse;
}
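/**
 * Renders the LibreOffice Online template inside the 'blank' layout.
 *
 * The attached policy whitelists every origin ('*') for every fetch
 * directive it sets, and additionally allows inline scripts, inline styles
 * and eval. In effect the response carries no CSP protection at all: a
 * script injection on this page would not be contained by the browser.
 * NOTE(review): the origin of the office server is not visible here; the
 * policy should be narrowed to 'self' plus that configured origin (and the
 * inline/eval allowances dropped unless the embedded UI verifiably needs
 * them) once that value is available.
 *
 * @PublicPage
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function showLibreOnline() {
    $params = ['urlGenerator' => $this->urlGenerator];
    $response = new TemplateResponse($this->appName, 'online', $params, 'blank');

    // Wildcard origins for every directive — see the risk note above.
    $policy = new ContentSecurityPolicy();
    $policy->addAllowedChildSrcDomain('*');
    $policy->addAllowedScriptDomain('*');
    $policy->addAllowedConnectDomain('*');
    $policy->addAllowedStyleDomain('*');
    $policy->addAllowedMediaDomain('*');
    $policy->addAllowedFontDomain('*');
    $policy->addAllowedImageDomain('*');
    $policy->addAllowedFrameDomain('*');
    $policy->addAllowedObjectDomain('*');

    // Keyword constants are lowercase per PSR-12 (was `True`); each of these
    // adds 'unsafe-inline' / 'unsafe-eval' to the emitted policy.
    $policy->allowInlineScript(true);
    $policy->allowInlineStyle(true);
    $policy->allowEvalScript(true);

    $response->setContentSecurityPolicy($policy);

    return $response;
}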
/**
 * Adding a style-src domain must keep the default directives intact and
 * append the domain between 'self' and the default 'unsafe-inline' token.
 */
public function testGetPolicyStyleAllowInlineWithDomain() {
    // Directives in the order buildPolicy() emits them, joined with ';'.
    $expectedPolicy = implode(';', [
        "default-src 'none'",
        "script-src 'self' 'unsafe-eval'",
        "style-src 'self' www.owncloud.com 'unsafe-inline'",
        "img-src 'self'",
        "font-src 'self'",
        "connect-src 'self'",
        "media-src 'self'",
    ]);

    $this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');

    $actualPolicy = $this->contentSecurityPolicy->buildPolicy();
    self::assertSame($expectedPolicy, $actualPolicy);
}