Allow framing 'self'

This is required by the pdf viewer, since the files app on master uses the AppFramework it had applied the more strict defaults which made it not work on master.
2026-04-22 23:03:00 -04:00 · 2015-12-02 17:30:40 +01:00 · 2015-12-02 17:30:40 +01:00 · 8aaab0dbad
commit 8aaab0dbad
parent 8d218bf3ef
2 changed files with 10 additions and 1 deletions
--- a/apps/files/controller/viewcontroller.php
+++ b/apps/files/controller/viewcontroller.php
@ -23,6 +23,7 @@ namespace OCA\Files\Controller;

 use OC\AppFramework\Http\Request;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IL10N;
@ -215,10 +216,15 @@ class ViewController extends Controller {
 		$params['appContents'] = $contentItems;
 		$this->navigationManager->setActiveEntry('files_index');

-		return new TemplateResponse(
+		$response = new TemplateResponse(
 			$this->appName,
 			'index',
 			$params
 		);
+		$policy = new ContentSecurityPolicy();
+		$policy->addAllowedFrameDomain('\'self\'');
+		$response->setContentSecurityPolicy($policy);
+
+		return $response;
 	}
 }
--- a/apps/files/tests/controller/ViewControllerTest.php
+++ b/apps/files/tests/controller/ViewControllerTest.php
@ -245,6 +245,9 @@ class ViewControllerTest extends TestCase {
 				],
 			]
 		);
+		$policy = new Http\ContentSecurityPolicy();
+		$policy->addAllowedFrameDomain('\'self\'');
+		$expected->setContentSecurityPolicy($policy);
 		$this->assertEquals($expected, $this->viewController->index('MyDir', 'MyView'));
 	}
 }