From bc200197815d02f13ec930a2888011d4d118b09a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20Villaf=C3=A1=C3=B1ez?= Date: Tue, 24 Sep 2024 11:08:43 +0200 Subject: [PATCH] fix: remove csp from web service and let proxy service handle it --- services/web/pkg/middleware/silentrefresh.go | 13 ------------- services/web/pkg/server/http/server.go | 2 -- 2 files changed, 15 deletions(-) delete mode 100644 services/web/pkg/middleware/silentrefresh.go diff --git a/services/web/pkg/middleware/silentrefresh.go b/services/web/pkg/middleware/silentrefresh.go deleted file mode 100644 index 703313a1a9..0000000000 --- a/services/web/pkg/middleware/silentrefresh.go +++ /dev/null @@ -1,13 +0,0 @@ -package middleware - -import ( - "net/http" -) - -// SilentRefresh allows the oidc client lib to silently refresh the token in an iframe -func SilentRefresh(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'") - next.ServeHTTP(w, r) - }) -} diff --git a/services/web/pkg/server/http/server.go b/services/web/pkg/server/http/server.go index bc8bed9af1..164a020030 100644 --- a/services/web/pkg/server/http/server.go +++ b/services/web/pkg/server/http/server.go @@ -16,7 +16,6 @@ import ( "github.com/owncloud/ocis/v2/ocis-pkg/x/io/fsx" "github.com/owncloud/ocis/v2/services/web" "github.com/owncloud/ocis/v2/services/web/pkg/apps" - webmid "github.com/owncloud/ocis/v2/services/web/pkg/middleware" svc "github.com/owncloud/ocis/v2/services/web/pkg/service/v0" ) @@ -101,7 +100,6 @@ func Server(opts ...Option) (http.Service, error) { chimiddleware.RequestID, chimiddleware.Compress(5), middleware.NoCache, - webmid.SilentRefresh, middleware.Version( options.Config.Service.Name, version.GetString(),