Commit 1d507bb9 authored by godog's avatar godog

Merge branch 'csp_sso_hostname' into 'master'

csp: sso support

See merge request !1
parents d361ece9 5864f17f
Pipeline #3503 passed with stages
in 3 minutes and 34 seconds
......@@ -4,3 +4,6 @@
// Set it to the relative URL path of the Roundcube installation.
$config['csp_script_path'] = '/';
// If non-empty, the proto + hostname to allow SSO requests,
// e.g. https://sso.domain.org
$config['csp_sso_hostname'] = '';
......@@ -20,10 +20,16 @@ class csp extends rcube_plugin {
$host = $_SERVER['HTTP_HOST'];
$proto = rcube_utils::https_check() ? 'https' : 'http';
$path = $rcmail->config->get('csp_script_path', '/');
$src_sso = "";
$sso_hostname = $rcmail->config->get('csp_sso_hostname', '');
if($sso_hostname != '') {
$src_sso .= "{$sso_hostname}";
}
$csp_header = (
"default-src 'self'; " .
"script-src 'self' {$proto}://{$host}{$path} 'unsafe-inline' 'unsafe-eval'; " .
"style-src 'self' 'unsafe-inline'; object-src 'none'");
"default-src 'self' {$src_sso}; " .
"script-src 'self' {$proto}://{$host}{$path} 'unsafe-inline' 'unsafe-eval' {$src_sso}; " .
"style-src 'self' 'unsafe-inline' {$src_sso}; " .
"object-src 'none'");
header("Content-Security-Policy: {$csp_header}");
return $content;
}
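Review bot: The new `script-src` line appends `{$src_sso}` alongside `'unsafe-inline' 'unsafe-eval'`, so the configured SSO origin becomes a trusted script source for the webmail origin, and the `default-src` entry extends that trust to every fetch directive not listed separately. If the SSO flow only needs redirects, form posts or XHR (not visible in this hunk), a narrower directive such as `form-action` or `connect-src` would keep the policy tighter. `csp_sso_hostname` is also interpolated into the header unchecked, so a value containing `;` or whitespace would add or alter directives; a guard such as `if (!preg_match('#^https?://[A-Za-z0-9.-]+(:\d+)?$#', $sso_hostname)) { $sso_hostname = ''; }` before building `$src_sso` keeps it to a single origin. With the option empty, the header now carries a stray space before each `;`, which is harmless but avoidable by adding the leading space inside the `if` instead. The enclosing method starts above the hunk.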
......