nextcloud_ynh

mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00

History

Jimmy Monin 041a0ee18d Disable CSPv3 nonces and allow YunoHost fonts data Problems: - Due to some unknown problem in the interaction between SSOwat and Nextcloud server authentication, CSP nonces are wrong when you log into Nextcloud from YunoHost portal for the first time (systematically reproduced in a browser private session). The Nextcloud page is hence almost totally blank and you have to refresh the page or click on the Nextcloud logo. - Due to CSP protection, the YunoHost tile (inline Javascript) is blocked Solution: While it's not a totally satisfying solution, a somewhat acceptable workaround to these two problems is to: - block CSP v3 features (hence nonces), but still allowing CSP v2 features - allow for "data:" font sources (needed to load YunoHost tile fonts) This is done via patching Nextcloud sources: - `ContentSecurityPolicyNonceManager`: disable the CSPv3 browser compatibility detection (return false in every case) - `EmptyContentSecurityPolicy`: add the "data:" argument in `font-src` default CSP rule.	2017-08-07 22:00:27 +02:00
..
00-add-logout_url-conf.patch	[enh] Update Nextcloud to v10.0.0 with logout patch	2016-08-28 21:54:46 +02:00
01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch	Disable CSPv3 nonces and allow YunoHost fonts data	2017-08-07 22:00:27 +02:00

Jimmy Monin 041a0ee18d Disable CSPv3 nonces and allow YunoHost fonts data

Problems:
- Due to some unknown problem in the interaction between SSOwat and Nextcloud server authentication, CSP nonces are wrong when you log into Nextcloud from YunoHost portal for the first time (systematically reproduced in a browser private session). The Nextcloud page is hence almost totally blank and you have to refresh the page or click on the Nextcloud logo.
- Due to CSP protection, the YunoHost tile (inline Javascript) is blocked

Solution:
While it's not a totally satisfying solution, a somewhat acceptable workaround to these two problems is to:
- block CSP v3 features (hence nonces), but still allowing CSP v2 features
- allow for "data:" font sources (needed to load YunoHost tile fonts)

This is done via patching Nextcloud sources:
- `ContentSecurityPolicyNonceManager`: disable the CSPv3 browser compatibility detection (return false in every case)
- `EmptyContentSecurityPolicy`: add the "data:" argument in `font-src` default CSP rule.

2017-08-07 22:00:27 +02:00

00-add-logout_url-conf.patch

[enh] Update Nextcloud to v10.0.0 with logout patch

2016-08-28 21:54:46 +02:00

01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch

Disable CSPv3 nonces and allow YunoHost fonts data

2017-08-07 22:00:27 +02:00