* * @author Double Bastion LLC * * @license GNU AGPL version 3 or any later version * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this program. If not, see . * */ declare(strict_types=1); namespace OCA\SMSRelentless\Controller; use \OCP\IRequest; use \OCP\AppFramework\Http\TemplateResponse; use \OCP\AppFramework\Http\DataResponse; use \OCP\AppFramework\Controller; use \OCP\AppFramework\Http\ContentSecurityPolicy; class PageController extends Controller { public function __construct($AppName, IRequest $request){ parent::__construct($AppName, $request); } /** * CAUTION: the @Stuff turns off security checks; for this page no admin is * required and no CSRF check. If you don't know what CSRF is, read * it up in the docs or you might create a security hole. This is * basically the only required method to add this exemption, don't * add it to any other method if you don't exactly know what it does * * @NoAdminRequired * @NoCSRFRequired */ public function index() { $response = new TemplateResponse('sms_relentless', 'index'); $csp = new ContentSecurityPolicy(); $csp->addAllowedFontDomain('data:'); $csp->addAllowedFrameDomain('\'self\''); $csp->addAllowedObjectDomain('\'self\''); $response->setContentSecurityPolicy($csp); return $response; } }