add config parameter for usage in iframe

pointcz · Jan 13, 2022 · 5836545 · 5836545
1 parent eea01d7
commit 5836545
Show file tree

Hide file tree

Showing 8 changed files with 133 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -14,3 +14,14 @@ http://nextcloud.example.com/index.php/apps/files/?dir=/New%20folder&hide-sideba
 
 ## Screenshot
 ![Tab view in sidebar](.readme/hidesidebars.png)
+
+## iframe
+
+This app from version 2.0.0 brings new config parameter `addAllowedFrameAncestorDomain`. For usage in iframe you must update `lib/public/AppFramework/Http/ContentSecurityPolicy.php` manually
+or use this new parameter `addAllowedFrameAncestorDomain` in `config.php`
+
+```
+...
+'addAllowedFrameAncestorDomain' => '*.example.com:*'
+...
+```
diff --git a/appinfo/app.php b/appinfo/app.php
diff --git a/appinfo/info.xml b/appinfo/info.xml
@@ -15,17 +15,26 @@ Examples:
 ```
 http://nextcloud.example.com/index.php/apps/files/?hide-sidebars
 http://nextcloud.example.com/index.php/apps/files/?dir=/New%20folder&hide-sidebars
+```
+
+This app from version 2.0.0 brings new config parameter `addAllowedFrameAncestorDomain`.
+For usage in iframe you must update `lib/public/AppFramework/Http/ContentSecurityPolicy.php` manually
+or use this new parameter `addAllowedFrameAncestorDomain` in `config.php`
+
+```
+...
+'addAllowedFrameAncestorDomain' => '*.example.com:*'
+...
 ```]]></description>
-    <version>1.1.0</version>
+    <version>2.0.0</version>
     <licence>agpl</licence>
     <author mail="rstofko@gmail.com" >Radoslav Stofko</author>
-    <namespace>HideSidebars</namespace>
-    <category>tools</category>
+    <category>customization</category>
     <bugs>https://github.com/pointcz/hidesidebars/issues</bugs>
     <website>https://github.com/pointcz/hidesidebars</website>
     <repository>https://github.com/pointcz/hidesidebars</repository>
     <screenshot>https://raw.githubusercontent.com/pointcz/hidesidebars/master/.readme/hidesidebars.png</screenshot>
     <dependencies>
-        <nextcloud min-version="15" max-version="21"/>
+        <nextcloud min-version="21" max-version="23"/>
     </dependencies>
 </info>
diff --git a/img/app.svg b/img/app.svg
diff --git a/js/script.js b/js/script.js
@@ -1,3 +1,5 @@
+console.log('hidesidebar script was loaded');
+
 window.addEventListener('DOMContentLoaded', function(event) {
         if (getParameterByName('hide-sidebars') !== null) {
                 hideTopMenu();

diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace OCA\Hidesidebars\AppInfo;
+
+use OCA\Files\Event\LoadAdditionalScriptsEvent;
+use OCA\Hidesidebars\Listener\CSPListener;
+use OCA\Hidesidebars\Listener\HidesidebarScripts;
+use OCP\AppFramework\App;
+use OCP\AppFramework\Bootstrap\IBootContext;
+use OCP\AppFramework\Bootstrap\IBootstrap;
+use OCP\AppFramework\Bootstrap\IRegistrationContext;
+use OCP\Security\CSP\AddContentSecurityPolicyEvent;
+
+class Application extends App implements IBootstrap
+{
+    public const APP_ID = 'hidesidebars';
+    public const CONFIG_FRAME_KEY = 'addAllowedFrameAncestorDomain';
+
+    public function __construct(array $params = [])
+    {
+        parent::__construct(self::APP_ID, $params);
+    }
+
+    public function register(IRegistrationContext $context): void
+    {
+        $context->registerEventListener(LoadAdditionalScriptsEvent::class, HidesidebarScripts::class);
+        $context->registerEventListener(AddContentSecurityPolicyEvent::class, CSPListener::class);
+    }
+
+    public function boot(IBootContext $context): void
+    {
+    }
+}
diff --git a/lib/Listener/CSPListener.php b/lib/Listener/CSPListener.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\Hidesidebars\Listener;
+
+use OCA\Hidesidebars\AppInfo\Application;
+use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\IConfig;
+use OCP\Security\CSP\AddContentSecurityPolicyEvent;
+
+class CSPListener implements IEventListener {
+
+    /** @var IConfig */
+    private $config;
+
+    public function __construct(IConfig $config)
+    {
+        $this->config = $config;
+    }
+
+    public function handle(Event $event): void {
+		if (!$event instanceof AddContentSecurityPolicyEvent) {
+			return;
+		}
+
+        $csp = new EmptyContentSecurityPolicy();
+        $csp->addAllowedFrameAncestorDomain($this->config->getSystemValue(Application::CONFIG_FRAME_KEY)); //'*.pointcz.com:*'
+		$event->addPolicy($csp);
+	}
+}
diff --git a/lib/Listener/HidesidebarScripts.php b/lib/Listener/HidesidebarScripts.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\Hidesidebars\Listener;
+
+use OC\User\Session;
+use OCA\Hidesidebars\AppInfo\Application;
+use OCA\Files\Event\LoadAdditionalScriptsEvent;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Util;
+
+class HidesidebarScripts implements IEventListener
+{
+
+    /** @var Session */
+    private $userSession;
+
+    public function __construct(Session $userSession)
+    {
+        $this->userSession = $userSession;
+    }
+
+    public function handle(Event $event): void
+    {
+        if (!($event instanceof LoadAdditionalScriptsEvent)) {
+            return;
+        }
+
+        if ($this->userSession->isLoggedIn()) {
+            Util::addScript(Application::APP_ID, 'script');
+        }
+    }
+}