upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-21 14:23:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

Merge pull request #58877 from nextcloud/backport/58853/stable33

Browse source 
[stable33] fix(videoverification): Remove CSP wildcard for video verification
This commit is contained in:
Carl Schwan 2026-03-12 09:51:03 +01:00 committed by GitHub
commit b8df0951be
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
apps/files_sharing/lib/Controller/ShareController.php
View file

@ -7,7 +7,6 @@
*/
namespace OCA\Files_Sharing\Controller;
use OC\Security\CSP\ContentSecurityPolicy;
use OCA\DAV\Connector\Sabre\PublicAuth;
use OCA\FederatedFileSharing\FederatedShareProvider;
use OCA\Files_Sharing\Event\BeforeTemplateRenderedEvent;
@ -92,15 +91,7 @@ class ShareController extends AuthPublicShareController {
$this->eventDispatcher->dispatchTyped(new BeforeTemplateRenderedEvent($this->share, BeforeTemplateRenderedEvent::SCOPE_PUBLIC_SHARE_AUTH));
$response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
if ($this->share->getSendPasswordByTalk()) {
$csp = new ContentSecurityPolicy();
$csp->addAllowedConnectDomain('*');
$csp->addAllowedMediaDomain('blob:');
$response->setContentSecurityPolicy($csp);
}
return $response;
return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
}
/**
@ -111,15 +102,7 @@ class ShareController extends AuthPublicShareController {
$this->eventDispatcher->dispatchTyped(new BeforeTemplateRenderedEvent($this->share, BeforeTemplateRenderedEvent::SCOPE_PUBLIC_SHARE_AUTH));
$response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
if ($this->share->getSendPasswordByTalk()) {
$csp = new ContentSecurityPolicy();
$csp->addAllowedConnectDomain('*');
$csp->addAllowedMediaDomain('blob:');
$response->setContentSecurityPolicy($csp);
}
return $response;
return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
}
/**
@ -130,15 +113,7 @@ class ShareController extends AuthPublicShareController {
$this->eventDispatcher->dispatchTyped(new BeforeTemplateRenderedEvent($this->share, BeforeTemplateRenderedEvent::SCOPE_PUBLIC_SHARE_AUTH));
$response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
if ($this->share->getSendPasswordByTalk()) {
$csp = new ContentSecurityPolicy();
$csp->addAllowedConnectDomain('*');
$csp->addAllowedMediaDomain('blob:');
$response->setContentSecurityPolicy($csp);
}
return $response;
return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
}
/**