Update CSP for OnlyOffice apps

2019-01-28 12:18:18 +01:00
parent 9ca7d504d2
commit d5f98c916b
2 changed files with 34 additions and 1 deletions
--- a/server.js
+++ b/server.js
@@ -75,9 +75,20 @@ var setHeaders = (function () {
    if (config.padContentSecurity) {
        padHeaders['Content-Security-Policy'] = clone(config.padContentSecurity);
    }
+    const ooHeaders = clone(headers);
+    if (config.ooContentSecurity) {
+        ooHeaders['Content-Security-Policy'] = clone(config.ooContentSecurity);
+    }
    if (Object.keys(headers).length) {
        return function (req, res) {
-            const h = /^\/pad(2)?\/inner\.html.*/.test(req.url) ? padHeaders : headers;
+            const h = [/^\/pad(2)?\/inner\.html.*/].some((regex) => {
+                    return regex.test(req.url)
+                }) ? padHeaders : ([
+                    /^\/sheet\/inner\.html.*/,
+                    /^\/common\/onlyoffice\/.*\/index\.html.*/
+                ].some((regex) => {
+                return regex.test(req.url)
+            }) ? ooHeaders : headers);
            for (let header in h) { res.setHeader(header, h[header]); }
        };
    }