extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-23 00:13:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

move adding CSP frame-src of OpenIDConnect clients managed as apps to OpenID app

Browse Source
This commit is contained in:
Ralf Becker 2020-04-30 17:32:30 +02:00
parent 9a548dca68
commit 7bf6b33ab2
1 changed files with 0 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api/src/Framework.php
View File

@ -148,16 +148,6 @@ abstract class Framework extends Framework\Extra
// add a content-type header to overwrite an existing default charset in apache (AddDefaultCharset directiv)
header('Content-type: text/html; charset='.Translation::charset());
// add CSP frame-src for apps which are just iframes
foreach($GLOBALS['egw_info']['user']['apps'] ?: [] as $app => $data)
{
if ($GLOBALS['egw_info']['apps'][$app]['status'] == 1 && !empty($data['index']) &&
preg_match('|^(https?://[^/]+)|', $data['index'], $matches))
{
ContentSecurityPolicy::add_frame_src($matches[1]);
}
}
Header\ContentSecurityPolicy::send();
// allow client-side to detect first load aka just logged in