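setContentSecurityPolicy(self::getCSP());
        $response->cacheFor(0);

        // Check if requested from native app
        if (!Util::callerIsNative()) {
            $this->eventDispatcher->dispatchTyped(new LoadSidebar());
        }

        return $response;
    }

    /**
     * Build the Content-Security-Policy shared by every page entry point.
     *
     * Every directive starts from 'self'; each additional source below is tied
     * to the feature that needs it so it can be removed together with that
     * feature. Review this list whenever a directive gets a new origin or a
     * scheme source (blob:, data:), since those widen what the page may load.
     *
     * @return ContentSecurityPolicy the policy attached to the template response
     */
    public static function getCSP(): ContentSecurityPolicy
    {
        $policy = new ContentSecurityPolicy();

        // Image domains MUST also be added to the connect domain list
        // because the service worker fetches them with fetch().
        $allowImages = static function (string $url) use ($policy): void {
            $policy->addAllowedImageDomain($url);
            $policy->addAllowedConnectDomain($url);
        };

        // Base policy: same-origin only for every directive this app uses.
        $policy->addAllowedWorkerSrcDomain("'self'");
        $policy->addAllowedScriptDomain("'self'");
        $policy->addAllowedFrameDomain("'self'");
        $policy->addAllowedImageDomain("'self'");
        $policy->addAllowedMediaDomain("'self'");
        $policy->addAllowedConnectDomain("'self'");

        // Video player: needs blob: for workers, scripts and media.
        // Note that blob: in script-src also lets any script already running
        // in the page execute blob URLs it creates, so keep this to what the
        // player actually requires.
        $policy->addAllowedWorkerSrcDomain('blob:');
        $policy->addAllowedScriptDomain('blob:');
        $policy->addAllowedMediaDomain('blob:');

        // Image editor: needs data: in connect-src.
        $policy->addAllowedConnectDomain('data:');

        // OpenStreetMap: embedded frames plus the tile CDNs (image + connect).
        $policy->addAllowedFrameDomain('www.openstreetmap.org');
        $allowImages('https://*.tile.openstreetmap.org');
        $allowImages('https://*.a.ssl.fastly.net');

        // Native app communication: plain HTTP on the loopback address only
        // (scheme and host are spelled out, so this does not admit other hosts).
        $allowImages('http://127.0.0.1');

        // Nominatim (openstreetmap.org) is contacted from the page via fetch().
        $policy->addAllowedConnectDomain('nominatim.openstreetmap.org');

        return $policy;
    }

    /**
     * Get params for main.php template.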
*/
    public static function getMainParams(): array
    {
        // 'native' tells the template whether the request came from the native app.
        $isNative = Util::callerIsNative();

        return [
            'native' => $isNative,
        ];
    }

    // The routes below are the entry points for the individual views of the app.
    // Each of them renders the same main template through main(); the view
    // itself is presumably selected client-side. They skip the CSRF check, which
    // is only appropriate as long as they remain state-free page loads.

    /**
     * Folder view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function folder()
    {
        return $this->main();
    }

    /**
     * Favorites view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function favorites()
    {
        return $this->main();
    }

    /**
     * Albums view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function albums()
    {
        return $this->main();
    }

    /**
     * Videos view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function videos()
    {
        return $this->main();
    }

    /**
     * Archive view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function archive()
    {
        return $this->main();
    }

    /**
     * "On this day" view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function thisday()
    {
        return $this->main();
    }

    /**
     * Recognize (face clusters) view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function recognize()
    {
        return $this->main();
    }

    /**
     * Face recognition view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function facerecognition()
    {
        return $this->main();
    }

    /**
     * Places view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function places()
    {
        return $this->main();
    }

    /**
     * Tags view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function tags()
    {
        return $this->main();
    }

    /**
     * Map view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function map()
    {
        return $this->main();
    }

    /**
     * Explore view entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function explore()
    {
        return $this->main();
    }

    /**
     * Setup page entry point; delegates to main().
     *
     * @NoAdminRequired
     *
     * @NoCSRFRequired
     */
    public function nxsetup()
    {
        return $this->main();
    }
}