diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index 1e3663578db..652ebec37cb 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -52,8 +52,10 @@ use OCP\AppFramework\Utility\IControllerMethodReflector; use OCP\AppFramework\Utility\ITimeFactory; use OCP\Collaboration\Resources\IManager as IResourceManager; +use OCP\EventDispatcher\IEventDispatcher; use OCP\IServerContainer; use OCP\IUser; +use OCP\Security\CSP\AddContentSecurityPolicyEvent; use OCP\Settings\IManager; use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\EventDispatcher\GenericEvent; @@ -95,7 +97,6 @@ public function __construct(array $urlParams = []) { public function register(): void { $server = $this->getContainer()->getServer(); - $this->extendDefaultContentSecurityPolicy(); $this->registerNotifier($server); $this->registerCollaborationResourceProvider($server); $this->getContainer()->registerCapability(Capabilities::class); @@ -116,6 +117,10 @@ public function register(): void { ResourceListener::register($dispatcher); ChangelogListener::register($dispatcher); + /** @var IEventDispatcher $newDispatcher */ + $newDispatcher = $server->query(IEventDispatcher::class); + $newDispatcher->addServiceListener(AddContentSecurityPolicyEvent::class, Listener\CSPListener::class); + $this->registerNavigationLink($server); $this->registerRoomActivityHooks($dispatcher); $this->registerChatHooks($dispatcher); @@ -193,16 +198,4 @@ protected function registerChatHooks(EventDispatcherInterface $dispatcher): void }; $dispatcher->addListener(Room::class . '::postDeleteRoom', $listener); } - - protected function extendDefaultContentSecurityPolicy(): void { - /** @var Config $config */ - $config = $this->getContainer()->query(Config::class); - - $csp = new ContentSecurityPolicy(); - foreach ($config->getAllServerUrlsForCSP() as $server) { - $csp->addAllowedConnectDomain($server); - } - $cspManager = $this->getContainer()->getServer()->getContentSecurityPolicyManager(); - $cspManager->addDefaultPolicy($csp); - } } diff --git a/lib/Listener/CSPListener.php b/lib/Listener/CSPListener.php new file mode 100644 index 00000000000..7ad2e060b2b --- /dev/null +++ b/lib/Listener/CSPListener.php @@ -0,0 +1,55 @@ + + * + * @author Roeland Jago Douma + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\Spreed\Listener; + +use OCA\Spreed\Config; +use OCP\AppFramework\Http\ContentSecurityPolicy; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Security\CSP\AddContentSecurityPolicyEvent; + +class CSPListener implements IEventListener { + + /** @var Config */ + private $config; + + public function __construct(Config $config) { + $this->config = $config; + } + + public function handle(Event $event): void { + if (!($event instanceof AddContentSecurityPolicyEvent)) { + return; + } + + $csp = new ContentSecurityPolicy(); + foreach ($this->config->getAllServerUrlsForCSP() as $server) { + $csp->addAllowedConnectDomain($server); + } + + $event->addPolicy($csp); + } + +}