You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I need to add a new domain name to the CSP scripts allowed site, I found OC\lib\Public\AppFramework\Http\ContentSecurityPolicy.php handle this issue(maybe?), I changed the following lines to add my domain name, but even if I restart my OC server, bu no result.
class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed /
protected $inlineScriptAllowed = false;
/*
* @var bool Whether eval in JS scripts is allowed
* TODO: Disallow per default
* @link https: /
protected $evalScriptAllowed = true;
/* @var array Domains from which scripts can get loaded /
protected $allowedScriptDomains = [
''self'', 'x.y.co m',
];
/*
I am trying to setup OC with Onlyoffice on my QNAP NAS, OC use the domain a.b.co m, Onlyoffice use domain x.y.co m.Either OC or Onlyoffice works perfect individually.
But after inegration, I got the following error message:ONLYOFFICE cannot be reached. Please contact admin, and via Chrom console "Refused to load the script 'https x.y.com/web-apps/apps/api/documents/api.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."
If I disabled CSP within Chrome browser, it works perfect. I learnt that from v8.1 csp was not stricted, and users cannot change. but how can I handle this issue
My environment was QNAP NAS with built in owncloud version 10.10.0 (stable)
The text was updated successfully, but these errors were encountered:
Hello experts,
I need to add a new domain name to the CSP scripts allowed site, I found OC\lib\Public\AppFramework\Http\ContentSecurityPolicy.php handle this issue(maybe?), I changed the following lines to add my domain name, but even if I restart my OC server, bu no result.
class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed /
protected $inlineScriptAllowed = false;
/*
* @var bool Whether eval in JS scripts is allowed
* TODO: Disallow per default
* @link https:
/
protected $evalScriptAllowed = true;
/* @var array Domains from which scripts can get loaded /
protected $allowedScriptDomains = [
''self'',
'x.y.co m',
];
/*
I am trying to setup OC with Onlyoffice on my QNAP NAS, OC use the domain a.b.co m, Onlyoffice use domain x.y.co m.Either OC or Onlyoffice works perfect individually.
But after inegration, I got the following error message:ONLYOFFICE cannot be reached. Please contact admin, and via Chrom console "Refused to load the script 'https x.y.com/web-apps/apps/api/documents/api.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."
If I disabled CSP within Chrome browser, it works perfect. I learnt that from v8.1 csp was not stricted, and users cannot change. but how can I handle this issue
My environment was QNAP NAS with built in owncloud version 10.10.0 (stable)
The text was updated successfully, but these errors were encountered: