Commit 5864f17f authored by godog's avatar godog

csp: sso support

parent bc9544d4
Pipeline #3453 passed with stages
in 3 minutes
......@@ -4,3 +4,6 @@
// Set it to the relative URL path of the Roundcube installation.
$config['csp_script_path'] = '/';
// If non-empty, the proto + hostname to allow SSO requests,
// e.g. https://sso.domain.org
$config['csp_sso_hostname'] = '';
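Review bot: The comment for `csp_sso_hostname` should say what the value is granted, not only its format, since the plugin (per the other hunk) appends it to `default-src`, `script-src` and `style-src`, i.e. it allows that origin to execute script in the Roundcube page. I would extend the comment to `// The origin is added to default-src, script-src and style-src, so only list a host you trust to serve script; include the scheme (https://), no path or trailing slash.` A single origin string is what the plugin expects; a list is not supported by the code as written.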
......@@ -20,10 +20,16 @@ class csp extends rcube_plugin {
$host = $_SERVER['HTTP_HOST'];
$proto = rcube_utils::https_check() ? 'https' : 'http';
$path = $rcmail->config->get('csp_script_path', '/');
$src_sso = "";
$sso_hostname = $rcmail->config->get('csp_sso_hostname', '');
if($sso_hostname != '') {
$src_sso .= "{$sso_hostname}";
}
$csp_header = (
"default-src 'self'; " .
"script-src 'self' {$proto}://{$host}{$path} 'unsafe-inline' 'unsafe-eval'; " .
"style-src 'self' 'unsafe-inline'; object-src 'none'");
"default-src 'self' {$src_sso}; " .
"script-src 'self' {$proto}://{$host}{$path} 'unsafe-inline' 'unsafe-eval' {$src_sso}; " .
"style-src 'self' 'unsafe-inline' {$src_sso}; " .
"object-src 'none'");
header("Content-Security-Policy: {$csp_header}");
return $content;
}
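Review bot: `$sso_hostname` is interpolated into the header on the `default-src`/`script-src`/`style-src` lines without any shape check, so a config value containing whitespace, `;` or `\r\n` silently adds directives or (for CR/LF) breaks the header; the config file only documents the expected `proto + hostname` form. Since it also widens `script-src`, I would accept only a bare origin and otherwise leave the policy unchanged, e.g. `if ($sso_hostname !== '' && preg_match('#^https?://[A-Za-z0-9.-]+(:[0-9]+)?$#', $sso_hostname)) {` followed by `$src_sso = $sso_hostname;` (the `.=` onto an empty string does the same with more to read). A short comment such as `// origin only: it is also whitelisted in script-src` above the check would make the trust decision visible to the next maintainer. The enclosing method begins outside the hunk (`$rcmail` and `$content` are set there), so the config read and any rejection log line may belong near the other config gets.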