Merge pull request #2067 from nextcloud/backport/2051/stable23

[stable23] 🐛 Fix CSP violation when Nextcloud server has so-called 'service root'
nextcloud-releases · Feb 22, 2022 · 3473730 · 3473730
2 parents 5ac0be9 + 3d3904d
commit 3473730
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
@@ -211,9 +211,7 @@ public function updateCSP() {
 		if ($publicWopiUrl !== '') {
 			$policy->addAllowedFrameDomain('\'self\'');
 			$policy->addAllowedFrameDomain($this->domainOnly($publicWopiUrl));
-			if (method_exists($policy, 'addAllowedFormActionDomain')) {
-				$policy->addAllowedFormActionDomain($this->domainOnly($publicWopiUrl));
-			}
+			$policy->addAllowedFormActionDomain($this->domainOnly($publicWopiUrl));
 		}
 
 		/**

diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
@@ -159,6 +159,7 @@ private function setupPolicy($response) {
 		$policy = new ContentSecurityPolicy();
 		$policy->addAllowedFrameDomain($wopiDomain);
 		$policy->allowInlineScript(true);
+		$policy->addAllowedFormActionDomain($wopiDomain);
 		$response->setContentSecurityPolicy($policy);
 
 		$featurePolicy = new FeaturePolicy();