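setContentSecurityPolicy(self::getCSP());
        $response->cacheFor(0);

        // Check if requested from native app
        if (!Util::callerIsNative()) {
            $this->eventDispatcher->dispatchTyped(new LoadSidebar());
        }

        return $response;
    }

    /**
     * Get the common content security policy.
     *
     * Starts from a 'self'-only baseline for every directive touched here and
     * then widens individual directives for specific features (video player,
     * image editor, OpenStreetMap, native app). Each widening is grouped with
     * a comment naming the feature that needs it, so a reviewer can tell which
     * entries are still required when a feature is changed or removed.
     */
    public static function getCSP(): ContentSecurityPolicy {
        // Create base policy
        $policy = new ContentSecurityPolicy();
        $policy->addAllowedWorkerSrcDomain("'self'");
        $policy->addAllowedScriptDomain("'self'");
        $policy->addAllowedFrameDomain("'self'");
        $policy->addAllowedImageDomain("'self'");
        $policy->addAllowedMediaDomain("'self'");
        $policy->addAllowedConnectDomain("'self'");

        // Image domains MUST be added to the connect domain list
        // because of the service worker fetch() call.
        // $policy is an object, so capturing it by value shares the handle;
        // the closure is defined after the policy exists instead of relying
        // on a by-reference capture of a not-yet-assigned variable.
        $addImageDomain = static function (string $url) use ($policy): void {
            $policy->addAllowedImageDomain($url);
            $policy->addAllowedConnectDomain($url);
        };

        // Video player: needs blob: for its worker, script and media sources.
        // blob: in script-src allows executing same-origin-created blob
        // scripts, so keep this directive list to what the player needs.
        $policy->addAllowedWorkerSrcDomain('blob:');
        $policy->addAllowedScriptDomain('blob:');
        $policy->addAllowedMediaDomain('blob:');

        // Image editor (data: URLs in connect-src)
        $policy->addAllowedConnectDomain('data:');

        // Allow OSM: embedded map frame plus tile servers
        $policy->addAllowedFrameDomain('www.openstreetmap.org');
        $addImageDomain('https://*.tile.openstreetmap.org');
        $addImageDomain('https://*.a.ssl.fastly.net');

        // Native communication: cleartext loopback only, scoped to 127.0.0.1
        $addImageDomain('http://127.0.0.1');

        // Allow Nominatim
        $policy->addAllowedConnectDomain('nominatim.openstreetmap.org');

        return $policy;
    }

    /**
     * Get params for main.php template.
     *
     * @return array<string, mixed> template variables; 'native' is the value of Util::callerIsNative()
     */
    public static function getMainParams(): array {
        return [
            'native' => Util::callerIsNative(),
        ];
    }

    // Each of the routes below renders the same page as main(); they only
    // differ by URL. Keep their annotations in sync with main() when editing.

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function folder(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function favorites(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function albums(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function videos(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function archive(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function thisday(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function recognize(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function facerecognition(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function places(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function tags(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function map(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function explore(): Response {
        return $this->main();
    }

    /**
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function nxsetup(): Response {
        return $this->main();
    }
}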