Question regarding "Content-Security-Policy"

antwan · November 18, 2016, 12:11pm

Hello,

First of all let me start by stating the fact that I am a bit noobish in servers and web services.

I have setup ownCloud both on a shared hosting and on a private server and what I would like is to add a iframe to the public download page.

I've editted ../apps/files_sharing/templates/public.php to add my iframe code for my facebook page, but it stays white and doesn't load.

Chrome console states the following:
Refused to frame '[FB LINK HERE]' because it violates the following Content Security Policy directive: "frame-src 'self'".

tflidd · November 19, 2016, 9:49am

This is a description, was is the actual question?

More about CSP: https://en.wikipedia.org/wiki/Content_Security_Policy
And you see perhaps the reason this is enabled in owncloud by default. You could just turn it off but that removes also the protection it provides. So you are looking in a special app/feature to allow the use of integrating owncloud as an iframe to external services?

antwan · November 19, 2016, 10:07am

Sorry, I thought that my question was implied.

I want to disable what is keeping me achieving what I want. I understand the security risks and I do not care. I just don't know how to disable it.

I want to put external content on the public download page as iframe. Embedding a youtube video for example or adding a facebook page.

anon30676603 · November 19, 2016, 10:49am

You can search through the oC code for:

Content-Security-Policy

and remove that on your own risk.