mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-05 03:40:01 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow self for iframes

Browse Source
This commit is contained in:
Benedikt Kulmann
2022-06-27 10:18:46 +02:00
parent 8d1f70ac09
commit a5c2fdebd4
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
changelog/unreleased/fix-csp-silent-refresh.md Normal file
View File

@@ -0,0 +1,6 @@
Bugfix: CSP rules for silent token refresh in iframe
When renewing the access token silently web needs to be opened in an iframe. This was previously blocked by a restrictive iframe CSP rule in the `Secure` middleware and has now been fixed by allow `self` for iframes.
https://github.com/owncloud/ocis/pull/4031
https://github.com/owncloud/web/issues/7030

1
services/web/pkg/middleware/silentrefresh.go
View File

@@ -8,6 +8,7 @@ import (
func SilentRefresh(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'")
next.ServeHTTP(w, r)
})
}