fix CORS and CSP
This commit is contained in:
Jonas Heinrich
parent
a364043f5f
commit
1b23c68948
@ -4,6 +4,7 @@ declare(strict_types=1);
|
|||||||
|
|
||||||
namespace OCA\Radio\AppInfo;
|
namespace OCA\Radio\AppInfo;
|
||||||
|
|
||||||
|
use OC\Security\CSP\ContentSecurityPolicy;
|
||||||
use OCA\Radio\Search\SearchProvider;
|
use OCA\Radio\Search\SearchProvider;
|
||||||
use OCP\AppFramework\App;
|
use OCP\AppFramework\App;
|
||||||
use OCP\AppFramework\Bootstrap\IBootContext;
|
use OCP\AppFramework\Bootstrap\IBootContext;
|
||||||
@ -30,8 +31,24 @@ class Application extends App implements IBootstrap {
|
|||||||
return $c->get(IRequest::class);
|
return $c->get(IRequest::class);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
$this->registerCsp();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function boot(IBootContext $context): void {
|
public function boot(IBootContext $context): void {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Allow radio-browser hosts in the csp
|
||||||
|
*
|
||||||
|
* @throws \OCP\AppFramework\QueryException
|
||||||
|
*/
|
||||||
|
public function registerCsp() {
|
||||||
|
$manager = $this->getContainer()->getServer()->getContentSecurityPolicyManager();
|
||||||
|
$policy = new ContentSecurityPolicy();
|
||||||
|
$policy->addAllowedConnectDomain('https://de1.api.radio-browser.info');
|
||||||
|
$policy->addAllowedImageDomain('*');
|
||||||
|
$policy->addAllowedMediaDomain('*');
|
||||||
|
$manager->addDefaultPolicy($policy);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -37,6 +37,7 @@
|
|||||||
"@nextcloud/router": "^1.2.0",
|
"@nextcloud/router": "^1.2.0",
|
||||||
"@nextcloud/vue": "^2.9.0",
|
"@nextcloud/vue": "^2.9.0",
|
||||||
"@nextcloud/vue-dashboard": "^1.0.1",
|
"@nextcloud/vue-dashboard": "^1.0.1",
|
||||||
|
"axios": "^0.21.0",
|
||||||
"howler": "^2.2.1",
|
"howler": "^2.2.1",
|
||||||
"music-metadata": "^7.5.0",
|
"music-metadata": "^7.5.0",
|
||||||
"style-loader": "^2.0.0",
|
"style-loader": "^2.0.0",
|
||||||
|
|||||||
@ -45,6 +45,7 @@ import Sidebar from './Sidebar'
|
|||||||
import { Howl, Howler } from 'howler'
|
import { Howl, Howler } from 'howler'
|
||||||
|
|
||||||
let audioPlayer = null
|
let audioPlayer = null
|
||||||
|
const requesttoken = axios.defaults.headers.requesttoken
|
||||||
|
|
||||||
export default {
|
export default {
|
||||||
name: 'Main',
|
name: 'Main',
|
||||||
@ -187,6 +188,7 @@ export default {
|
|||||||
codec: station.codec.toString(),
|
codec: station.codec.toString(),
|
||||||
tags: station.tags.toString(),
|
tags: station.tags.toString(),
|
||||||
}
|
}
|
||||||
|
axios.defaults.headers.requesttoken = requesttoken
|
||||||
await axios
|
await axios
|
||||||
.post(generateUrl('/apps/radio/api/favorites'), stationMap)
|
.post(generateUrl('/apps/radio/api/favorites'), stationMap)
|
||||||
.then(response => {
|
.then(response => {
|
||||||
@ -242,6 +244,7 @@ export default {
|
|||||||
|
|
||||||
/* Count click */
|
/* Count click */
|
||||||
try {
|
try {
|
||||||
|
delete axios.defaults.headers.requesttoken
|
||||||
axios.get(this.$apiUrl + '/json/url/' + station.stationuuid)
|
axios.get(this.$apiUrl + '/json/url/' + station.stationuuid)
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
showError(t('radio', 'Unable to count play on remote API'))
|
showError(t('radio', 'Unable to count play on remote API'))
|
||||||
@ -268,6 +271,7 @@ export default {
|
|||||||
codec: station.codec.toString(),
|
codec: station.codec.toString(),
|
||||||
tags: station.tags.toString(),
|
tags: station.tags.toString(),
|
||||||
}
|
}
|
||||||
|
axios.defaults.headers.requesttoken = requesttoken
|
||||||
await axios
|
await axios
|
||||||
.post(generateUrl('/apps/radio/api/recent'), stationMap)
|
.post(generateUrl('/apps/radio/api/recent'), stationMap)
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
@ -369,6 +373,11 @@ export default {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
if (menuState === 'FAVORITES' || menuState === 'RECENT') {
|
||||||
|
axios.defaults.headers.requesttoken = requesttoken
|
||||||
|
} else {
|
||||||
|
delete axios.defaults.headers.requesttoken
|
||||||
|
}
|
||||||
await axios.get(queryURI, {
|
await axios.get(queryURI, {
|
||||||
params: vm.queryParams,
|
params: vm.queryParams,
|
||||||
})
|
})
|
||||||
@ -407,9 +416,9 @@ export default {
|
|||||||
},
|
},
|
||||||
loadSettings() {
|
loadSettings() {
|
||||||
|
|
||||||
axios.defaults.headers.common = {
|
// axios.defaults.headers.common = {
|
||||||
'User-Agent': 'Nextcloud Radio App/' + this.$version,
|
// 'User-Agent': 'Nextcloud Radio App/' + this.$version,
|
||||||
}
|
// }
|
||||||
this.$store.dispatch('getVolumeState')
|
this.$store.dispatch('getVolumeState')
|
||||||
|
|
||||||
},
|
},
|
||||||
@ -417,6 +426,7 @@ export default {
|
|||||||
async loadFavorites() {
|
async loadFavorites() {
|
||||||
const vm = this
|
const vm = this
|
||||||
try {
|
try {
|
||||||
|
axios.defaults.headers.requesttoken = requesttoken
|
||||||
await axios.get(generateUrl('/apps/radio/api/favorites'))
|
await axios.get(generateUrl('/apps/radio/api/favorites'))
|
||||||
.then(function(response) {
|
.then(function(response) {
|
||||||
const favorites = []
|
const favorites = []
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user