Merge pull request #913 from owncloud/fix-csp

fix: replace marketplace storage urls in csp
owncloud · Feb 16, 2022 · bd3b229 · bd3b229
2 parents 38e2052 + f0d03bb
commit bd3b229
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * @author Thomas Müller <thomas.mueller@tmit.eu>
  *
@@ -45,9 +46,9 @@ public function index() {
 		$templateResponse = new TemplateResponse($this->appName, 'index', []);
 		$policy = new ContentSecurityPolicy();
 		// live storage
-		$policy->addAllowedImageDomain('https://storage.marketplace.owncloud.com');
+		$policy->addAllowedImageDomain('https://marketplace-storage.owncloud.com');
 		// staging - for internal testing
-		$policy->addAllowedImageDomain('https://marketplace-storage.int.owncloud.com');
+		$policy->addAllowedImageDomain('https://marketplace-storage.staging.owncloud.services');
 		// local dev storage
 		$policy->addAllowedImageDomain('http://minio:9000');
 		$templateResponse->setContentSecurityPolicy($policy);

diff --git a/tests/unit/PageControllerTest.php b/tests/unit/PageControllerTest.php
@@ -24,8 +24,8 @@ public function testIndex() {
 		$response = $this->controller->index();
 
 		$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
-		$policy->addAllowedImageDomain('https://storage.marketplace.owncloud.com');
-		$policy->addAllowedImageDomain('https://marketplace-storage.int.owncloud.com');
+		$policy->addAllowedImageDomain('https://marketplace-storage.owncloud.com');
+		$policy->addAllowedImageDomain('https://marketplace-storage.staging.owncloud.services');
 		$policy->addAllowedImageDomain('http://minio:9000');
 		$this->assertEquals($policy, $response->getContentSecurityPolicy());
 
@@ -36,8 +36,8 @@ public function testIndexHash() {
 		$response = $this->controller->indexHash();
 
 		$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
-		$policy->addAllowedImageDomain('https://storage.marketplace.owncloud.com');
-		$policy->addAllowedImageDomain('https://marketplace-storage.int.owncloud.com');
+		$policy->addAllowedImageDomain('https://marketplace-storage.owncloud.com');
+		$policy->addAllowedImageDomain('https://marketplace-storage.staging.owncloud.services');
 		$policy->addAllowedImageDomain('http://minio:9000');
 		$this->assertEquals($policy, $response->getContentSecurityPolicy());