Merge pull request #10146 from owncloud/remove_csp_from_web

fix: remove csp from web service and let proxy service handle it

changelog/unreleased/fix-duplicate-csp.md

@@ -0,0 +1,5 @@
+Bugfix: Remove duplicate CSP header from responses
+
+The web service was adding a CSP on its own, and that one has been removed. The proxy service will take care of the CSP header.
+
+https://github.com/owncloud/ocis/pull/10146

services/web/pkg/middleware/silentrefresh.go

@@ -1,13 +0,0 @@
-package middleware
-
-import (
-	"net/http"
-)
-
-// SilentRefresh allows the oidc client lib to silently refresh the token in an iframe
-func SilentRefresh(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'")
-		next.ServeHTTP(w, r)
-	})
-}

services/web/pkg/server/http/server.go

@@ -16,7 +16,6 @@ import (
 	"github.com/owncloud/ocis/v2/ocis-pkg/x/io/fsx"
 	"github.com/owncloud/ocis/v2/services/web"
 	"github.com/owncloud/ocis/v2/services/web/pkg/apps"
-	webmid "github.com/owncloud/ocis/v2/services/web/pkg/middleware"
 	svc "github.com/owncloud/ocis/v2/services/web/pkg/service/v0"
 )
 
@@ -101,7 +100,6 @@ func Server(opts ...Option) (http.Service, error) {
 			chimiddleware.RequestID,
 			chimiddleware.Compress(5),
 			middleware.NoCache,
-			webmid.SilentRefresh,
 			middleware.Version(
 				options.Config.Service.Name,
 				version.GetString(),