Merge pull request #10139 from fschade/csp-conf-auto-loading

enhancement: Load CSP configuration file if it exists
owncloud · Sep 24, 2024 · c1050c4 · c1050c4
2 parents f2260f0 + 349a251
commit c1050c4
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/changelog/unreleased/enhancement-load-csp-if-exists.md b/changelog/unreleased/enhancement-load-csp-if-exists.md
@@ -0,0 +1,8 @@
+Enhancement: Load CSP configuration file if it exists
+
+The Content Security Policy (CSP) configuration file is now loaded by default if it exists.
+The configuration file looked for should be located at `$OCIS_BASE_DATA_PATH/proxy/csp.yaml`.
+If the file does not exist, the default CSP configuration is used.
+
+https://github.com/owncloud/ocis/pull/10139
+https://github.com/owncloud/ocis/issues/10021
diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go
@@ -1,7 +1,9 @@
 package defaults
 
 import (
+	"os"
 	"path"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -332,6 +334,14 @@ func Sanitize(cfg *config.Config) {
 	if cfg.HTTP.Root != "/" {
 		cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
 	}
+
+	// if the CSP config file path is not set, we check if the default file exists and set it if it does
+	if cfg.CSPConfigFileLocation == "" {
+		defaultCSPConfigFilePath := filepath.Join(defaults.BaseDataPath(), "proxy", "csp.yaml")
+		if _, err := os.Stat(defaultCSPConfigFilePath); err == nil {
+			cfg.CSPConfigFileLocation = defaultCSPConfigFilePath
+		}
+	}
 }
 
 func mergePolicies(policies []config.Policy, additionalPolicies []config.Policy) []config.Policy {