diff options
author | Henry Castro <hcastro@collabora.com> | 2021-05-25 15:28:05 -0400 |
---|---|---|
committer | pedropintosilva <65948705+pedropintosilva@users.noreply.github.com> | 2021-08-06 17:21:18 +0200 |
commit | 57d454436b3700a1ad6fd62a3374cd7813610ea1 (patch) | |
tree | 16021bef9e2bef7a6947ee8d78272be755d93141 /wsd | |
parent | Feedback: Style iframe (diff) | |
download | online-57d454436b3700a1ad6fd62a3374cd7813610ea1.tar.gz online-57d454436b3700a1ad6fd62a3374cd7813610ea1.zip |
wsd: fix url redirect
Signed-off-by: Henry Castro <hcastro@collabora.com>
Change-Id: I09fda6618c35147b12f8e25204290a7d61cd766b
Diffstat (limited to 'wsd')
-rw-r--r-- | wsd/FileServer.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp index 2969839d57..a598472329 100644 --- a/wsd/FileServer.cpp +++ b/wsd/FileServer.cpp @@ -777,7 +777,11 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, if (config.getBool("security.enable_macros_execution", false)) enableMacrosExecution = "true"; Poco::replaceInPlace(preprocess, std::string("%ENABLE_MACROS_EXECUTION%"), enableMacrosExecution); - Poco::replaceInPlace(preprocess, std::string("%FEEDBACK_LOCATION%"), std::string(FEEDBACK_LOCATION)); + +#ifdef ENABLE_FEEDBACK + StringVector tokens = Util::tokenize(std::string(FEEDBACK_LOCATION), ' '); + Poco::replaceInPlace(preprocess, std::string("%FEEDBACK_LOCATION%"), tokens.size() > 0 ? tokens[0] : ""); +#endif // Capture cookies so we can optionally reuse them for the storage requests. { @@ -799,7 +803,11 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, // iframe purposes. std::ostringstream cspOss; cspOss << "Content-Security-Policy: default-src 'none'; " +#ifdef ENABLE_FEEDBACK "frame-src 'self' " << FEEDBACK_LOCATION << " blob: " << documentSigningURL << "; " +#else + "frame-src 'self' blob: " << documentSigningURL << "; " +#endif "connect-src 'self' " << cnxDetails.getWebSocketUrl() << "; " "script-src 'unsafe-inline' 'self'; " "style-src 'self' 'unsafe-inline'; " |