Hello experts,
I need to add a new domain name to the CSP scripts allowed site, I found OC\lib\Public\AppFramework\Http\ContentSecurityPolicy.php handle this issue(maybe?), I changed the following lines to add my domain name, but even if I restart my OC server, no result.
class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed /
protected $inlineScriptAllowed = false;
/*
* @var bool Whether eval in JS scripts is allowed
* TODO: Disallow per default
* @link
/
protected $evalScriptAllowed = true;
/* @var array Domains from which scripts can get loaded /
protected $allowedScriptDomains = [
â'self'â,
âXYZâ,
];
/*
I am trying to setup OC with Onlyoffice on my QNAP NASďź OC use the domain ABC, Onlyoffice use domain XYZ.Either OC or Onlyoffice works perfect individually.
But after inegration, I got the following error message:ONLYOFFICE cannot be reached. Please contact admin, and via Chrom console âRefused to load the script âXYZ/web-apps/apps/api/documents/api.jsâ because it violates the following Content Security Policy directive: âscript-src âselfâ âunsafe-inlineâ âunsafe-evalââ. Note that âscript-src-elemâ was not explicitly set, so âscript-srcâ is used as a fallback.â
If I disabled CSP within Chrome browser, it works perfect. I learnt that from v8.1 csp was not stricted, and users cannot change. but how can I handle this issue
My environment was QNAP NAS with built in owncloud version 10.10.0 (stable)
