From 1b23c68948885a5ddc0e5058f0dc46c6f43c31c7 Mon Sep 17 00:00:00 2001
From: Jonas Heinrich
Date: Sun, 22 Nov 2020 16:13:40 +0100
Subject: [PATCH] fix CORS and CSP
---
 lib/AppInfo/Application.php | 17 +++++++++++++++++
 package.json | 1 +
 src/components/Main.vue | 16 +++++++++++++---
 3 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index 63cc497..a4a0f07 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 namespace OCA\Radio\AppInfo;
+use OC\Security\CSP\ContentSecurityPolicy;
 use OCA\Radio\Search\SearchProvider;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
@@ -30,8 +31,24 @@ class Application extends App implements IBootstrap {
 return $c->get(IRequest::class);
 });
+ $this->registerCsp();
+
 }
 public function boot(IBootContext $context): void {
 }
+
+ /**
+ * Allow radio-browser hosts in the csp
+ *
+ * @throws \OCP\AppFramework\QueryException
+ */
+ public function registerCsp() {
+ $manager = $this->getContainer()->getServer()->getContentSecurityPolicyManager();
+ $policy = new ContentSecurityPolicy();
+ $policy->addAllowedConnectDomain('https://de1.api.radio-browser.info');
+ $policy->addAllowedImageDomain('*');
+ $policy->addAllowedMediaDomain('*');
+ $manager->addDefaultPolicy($policy);
+ }
 }
diff --git a/package.json b/package.json
index 05957ed..ae04390 100644
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
 "@nextcloud/router": "^1.2.0",
 "@nextcloud/vue": "^2.9.0",
 "@nextcloud/vue-dashboard": "^1.0.1",
+ "axios": "^0.21.0",
 "howler": "^2.2.1",
 "music-metadata": "^7.5.0",
 "style-loader": "^2.0.0",
diff --git a/src/components/Main.vue b/src/components/Main.vue
index 6ae2976..b366fa3 100644
--- a/src/components/Main.vue
+++ b/src/components/Main.vue
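Review bot: In `registerCsp()` (lib/AppInfo/Application.php), `addAllowedImageDomain('*')` and `addAllowedMediaDomain('*')` are registered through `$manager->addDefaultPolicy($policy)`, so the wildcards appear to be merged into the default policy served for every page of the instance rather than only the Radio views. That widens `img-src` and `media-src` for all apps, which removes a containment layer if markup is ever injected elsewhere. Stations do stream from arbitrary hosts, so the wildcard may be needed here, but it is better scoped to the Radio page response, e.g. by building the policy in the page controller and calling `$response->setContentSecurityPolicy($policy);` there (that controller is not part of this patch). The `use OC\Security\CSP\ContentSecurityPolicy;` added in the first hunk also reaches into the private `OC\` namespace; `OCP\AppFramework\Http\ContentSecurityPolicy` is the public class. The connect-src entry is hard-coded to `https://de1.api.radio-browser.info` while Main.vue requests `this.$apiUrl`, so confirm the two always match.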
@@ -45,6 +45,7 @@ import Sidebar from './Sidebar'
 import { Howl, Howler } from 'howler'
 let audioPlayer = null
+const requesttoken = axios.defaults.headers.requesttoken
 export default {
 name: 'Main',
@@ -187,6 +188,7 @@ export default {
 codec: station.codec.toString(),
 tags: station.tags.toString(),
 }
+ axios.defaults.headers.requesttoken = requesttoken
 await axios
 .post(generateUrl('/apps/radio/api/favorites'), stationMap)
 .then(response => {
@@ -242,6 +244,7 @@ export default {
 /* Count click */
 try {
+ delete axios.defaults.headers.requesttoken
 axios.get(this.$apiUrl + '/json/url/' + station.stationuuid)
 } catch (error) {
 showError(t('radio', 'Unable to count play on remote API'))
@@ -268,6 +271,7 @@ export default {
 codec: station.codec.toString(),
 tags: station.tags.toString(),
 }
+ axios.defaults.headers.requesttoken = requesttoken
 await axios
 .post(generateUrl('/apps/radio/api/recent'), stationMap)
 } catch (error) {
@@ -369,6 +373,11 @@ export default {
 }
 try {
+ if (menuState === 'FAVORITES' || menuState === 'RECENT') {
+ axios.defaults.headers.requesttoken = requesttoken
+ } else {
+ delete axios.defaults.headers.requesttoken
+ }
 await axios.get(queryURI, {
 params: vm.queryParams,
 })
@@ -407,9 +416,9 @@ export default {
 },
 loadSettings() {
- axios.defaults.headers.common = {
- 'User-Agent': 'Nextcloud Radio App/' + this.$version,
- }
+ // axios.defaults.headers.common = {
+ // 'User-Agent': 'Nextcloud Radio App/' + this.$version,
+ // }
 this.$store.dispatch('getVolumeState')
 },
@@ -417,6 +426,7 @@ export default {
 async loadFavorites() {
 const vm = this
 try {
+ axios.defaults.headers.requesttoken = requesttoken
 await axios.get(generateUrl('/apps/radio/api/favorites'))
 .then(function(response) {
 const favorites = []
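Review bot: Toggling `axios.defaults.headers.requesttoken` on the shared client — set again in the favorites, recent and `loadFavorites` hunks, deleted before the `$apiUrl` click-count request, and switched on `menuState` in the query hunk — makes it depend on call order whether the Nextcloud request token is sent. These methods are async and can interleave, so a request to the external radio-browser API can go out while the default is set and hand the token to a third party, and an internal POST can go out right after a `delete` and fail the CSRF check. Leave the default client alone for Nextcloud routes and send remote calls through a dedicated instance that never carries the header, e.g. `const remoteApi = plainAxios.create()` built from the plain `axios` package this patch adds (the import lines are outside the hunks, so this is an assumption about how `axios` is bound). The value captured once in `const requesttoken = axios.defaults.headers.requesttoken` can also go stale if the token is refreshed during a long session. The method bodies touched here all continue outside their hunks.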
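Review bot: The `loadSettings()` hunk leaves the old `axios.defaults.headers.common` assignment behind as three commented-out lines; delete them and, if the reason is worth keeping, replace them with one comment such as `// User-Agent is not set: a custom header forces a CORS preflight on the remote API`. That reason is inferred from the commit subject, so adjust the wording to the actual cause.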