/**
 * Render the main page of the maps app for the current user.
 *
 * CAUTION: the two annotations at the end of this comment switch off
 * security checks for this action: no admin account is required and the
 * CSRF check is skipped. If you are not sure what CSRF is, read the
 * documentation first, otherwise you may open a security hole. This
 * should be the only method that needs the exemption; do not copy the
 * annotations to another method unless you know exactly what they do.
 * The annotation lines are kept verbatim because they are what turns
 * the checks off.
 *
 * Returns the template response for templates/main.php. When the
 * ContentSecurityPolicy class is available, the response carries a
 * policy that permits the external map resources.
 *
 * @NoAdminRequired
 * @NoCSRFRequired
 */
public function index() {
    $templateParams = [
        'user' => $this->userId,
        'devices' => $this->deviceMapper->findAll($this->userId),
    ];
    $page = new TemplateResponse('maps', 'main', $templateParams); // templates/main.php

    // The CSP class is probed at runtime; when it does not exist the page
    // is returned without a custom policy.
    if (!class_exists('OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
        return $page;
    }

    $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();

    // Map tiles.
    // NOTE(review): this source is plain http and a wildcard over every
    // mqcdn.com subdomain. On an https-served instance browsers treat it as
    // mixed content, and tile requests are not protected in transit.
    // Prefer an https source if the tile provider offers one.
    $policy->addAllowedImageDomain('http://*.mqcdn.com');

    // Marker icons.
    $policy->addAllowedImageDomain('https://api.tiles.mapbox.com');

    // Inline images.
    // NOTE(review): the stated purpose is inline images, but this call
    // widens the *script* sources, not the image sources. Permitting data:
    // as a script source removes much of the protection CSP gives against
    // injected markup. Confirm whether addAllowedImageDomain('data:') was
    // intended before relying on this policy.
    $policy->addAllowedScriptDomain('data:');

    $page->setContentSecurityPolicy($policy);

    return $page;
}
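<?php
/**
 * owncloud_piwik
 *
 * Copyright (c) 2015 Klaus Herberth <*****@*****.**> <br>
 * Released under the MIT license
 *
 * @author Klaus Herberth <*****@*****.**>
 * @license MIT
 */

// Register the admin settings page of the piwik app.
OCP\App::registerAdmin('piwik', 'settings-admin');

// The bundled piwik script is only loaded when the 'internal' app value is 'yes'.
$internal = OCP\Config::getAppValue('piwik', 'internal');

if ($internal === 'yes') {
    OCP\Util::addScript('piwik', 'piwik');
}

// The CSP class is probed at runtime; without it no policy is registered.
if (class_exists('\\OCP\\AppFramework\\Http\\ContentSecurityPolicy')) {
    // The 'piwik' app value is expected to hold a JSON object with a 'url'
    // member. It can be unset or malformed, in which case json_decode() does
    // not return an object; guard so that no property is read from a
    // non-object and no null/empty host ends up in the policy.
    $piwik = json_decode(OCP\Config::getAppValue('piwik', 'piwik'));
    $url = null;
    if (is_object($piwik) && isset($piwik->url) && is_string($piwik->url)) {
        // parse_url() yields null when the URL has no host and false when it
        // cannot be parsed at all; both are rejected below.
        $url = parse_url($piwik->url, PHP_URL_HOST);
    }

    // HTTP_HOST is absent when no web request is being served, and it is a
    // client-supplied header. It is only used to skip the extra policy when
    // the tracker runs on the same host; it may also carry a port, in which
    // case the comparison does not match and the policy is simply added.
    $requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : null;

    if (is_string($url) && $url !== '' && $requestHost !== $url) {
        // NOTE(review): this becomes part of the default policy, so the
        // configured host is allowed as a script and image source on every
        // page. Whoever can write the 'piwik' app value therefore decides
        // which external origin may run script here - confirm that the
        // settings endpoint storing it is admin-only and CSRF-protected.
        $policy = new OCP\AppFramework\Http\ContentSecurityPolicy();
        $policy->addAllowedScriptDomain($url);
        $policy->addAllowedImageDomain($url);
        \OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy);
    }
}

// The tracking script is always loaded.
OCP\Util::addScript('piwik', 'track');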