From 349a25169bcde6d8ec6c2bb8dca58b6c20f8aa2f Mon Sep 17 00:00:00 2001
From: Florian Schade <f.schade@icloud.com>
Date: Mon, 23 Sep 2024 16:12:48 +0200
Subject: [PATCH] enhancement: Load CSP configuration file if it exists

---
 changelog/unreleased/enhancement-load-csp-if-exists.md |  8 ++++++++
 services/proxy/pkg/config/defaults/defaultconfig.go    | 10 ++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 changelog/unreleased/enhancement-load-csp-if-exists.md

diff --git a/changelog/unreleased/enhancement-load-csp-if-exists.md b/changelog/unreleased/enhancement-load-csp-if-exists.md
new file mode 100644
index 00000000000..68aa4fed30e
--- /dev/null
+++ b/changelog/unreleased/enhancement-load-csp-if-exists.md
@@ -0,0 +1,8 @@
+Enhancement: Load CSP configuration file if it exists
+
+The Content Security Policy (CSP) configuration file is now loaded by default if it exists.
+The configuration file looked for should be located at `$OCIS_BASE_DATA_PATH/proxy/csp.yaml`.
+If the file does not exist, the default CSP configuration is used.
+
+https://github.com/owncloud/ocis/pull/10139
+https://github.com/owncloud/ocis/issues/10021
diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go
index 40253045e58..ad16117273d 100644
--- a/services/proxy/pkg/config/defaults/defaultconfig.go
+++ b/services/proxy/pkg/config/defaults/defaultconfig.go
@@ -1,7 +1,9 @@
 package defaults
 
 import (
+	"os"
 	"path"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -332,6 +334,14 @@ func Sanitize(cfg *config.Config) {
 	if cfg.HTTP.Root != "/" {
 		cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
 	}
+
+	// if the CSP config file path is not set, we check if the default file exists and set it if it does
+	if cfg.CSPConfigFileLocation == "" {
+		defaultCSPConfigFilePath := filepath.Join(defaults.BaseDataPath(), "proxy", "csp.yaml")
+		if _, err := os.Stat(defaultCSPConfigFilePath); err == nil {
+			cfg.CSPConfigFileLocation = defaultCSPConfigFilePath
+		}
+	}
 }
 
 func mergePolicies(policies []config.Policy, additionalPolicies []config.Policy) []config.Policy {