Cannot add csp domain #41178

Closed
starworld99 opened this issue Feb 8, 2024 · 1 comment


Hello experts,

I need to add a new domain name to the sites allowed for scripts by CSP. I found that OC\lib\Public\AppFramework\Http\ContentSecurityPolicy.php handles this (maybe?). I changed the following lines to add my domain name, but even if I restart my OC server, there is no result.

```php
class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
	/** @var bool Whether inline JS snippets are allowed */
	protected $inlineScriptAllowed = false;
	/**
	 * @var bool Whether eval in JS scripts is allowed
	 * TODO: Disallow per default
	 * @link https:
	 */
	protected $evalScriptAllowed = true;
	/** @var array Domains from which scripts can get loaded */
	protected $allowedScriptDomains = [
		'\'self\'',
		'x.y.co m',
	];
	/**
	 *
```

I am trying to set up OC with Onlyoffice on my QNAP NAS. OC uses the domain a.b.co m, Onlyoffice uses the domain x.y.co m. Either OC or Onlyoffice works perfectly individually.

But after integration, I got the following error message: ONLYOFFICE cannot be reached. Please contact admin, and via the Chrome console: "Refused to load the script 'https x.y.com/web-apps/apps/api/documents/api.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."

If I disable CSP within the Chrome browser, it works perfectly. I learnt that from v8.1 CSP was not stricted, and users cannot change it. But how can I handle this issue?

My environment is a QNAP NAS with built-in ownCloud version 10.10.0 (stable).
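The console error in the post above can be checked offline against whatever `Content-Security-Policy` header the server actually returns, which shows whether a source-file edit reached the response. The following is an added example, not part of the original issue or of ownCloud's code; the function names are hypothetical, and `cloud.example` / `office.example` in the usage are constructed placeholder hosts.

```javascript
// Added example (not ownCloud code): simplified CSP check for <script src> loads.
// Models 'self', hosts, "*.host", schemes and "*"; ignores nonces, hashes,
// ports, paths and scheme matching for scheme-less host sources.
const SAMPLE_POLICY = "script-src 'self' 'unsafe-inline' 'unsafe-eval'"; // directive text from the console error

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function effectiveScriptSources(directives) {
  // Fallback chain the browser message refers to: script-src-elem, then script-src, then default-src.
  for (const name of ['script-src-elem', 'script-src', 'default-src']) {
    if (directives.has(name)) return { name, sources: directives.get(name) };
  }
  return { name: null, sources: null }; // no applicable directive: load is not restricted
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s.startsWith("'")) return false; // 'unsafe-inline', 'unsafe-eval' etc. never allow a remote host
  if (s === '*') return url.protocol === 'https:' || url.protocol === 'http:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme source such as "https:"
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

function scriptAllowed(header, scriptUrl, pageOrigin) {
  const { name, sources } = effectiveScriptSources(parseCsp(header));
  if (sources === null) return { allowed: true, directive: null };
  const url = new URL(scriptUrl);
  const allowed = sources.some((src) => sourceMatches(src, url, pageOrigin));
  return { allowed, directive: name };
}
```

Feeding it the header value copied from the browser's network tab, rather than the value expected from the PHP file, shows which policy is really in force.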


iasdeoupxe commented Feb 8, 2024

Not a support forum here, see these for getting such:

Also please don't cross-post at multiple places, a support question is already open here:

https://central.owncloud.org/t/csp-was-not-changed-even-if-contentsecuritypolicy-php-changed/47023

-> Close as not a bug in ownCloud
