RawResponse.php 936 B

123456789101112131415161718192021222324252627282930
  1. <?php
  2. namespace OCA\Raw\Controller;
  3. use \Exception;
  4. trait RawResponse {
  5. protected function returnRawResponse($fileNode) {
  6. if ($fileNode->getType() === 'dir') {
  7. // If the requested path is a folder, try return its index.html.
  8. try {
  9. $fileNode = $fileNode->get('index.html');
  10. } catch (NotFoundException $e) {
  11. return new NotFoundResponse();
  12. }
  13. }
  14. $content = $fileNode->getContent();
  15. $mimetype = $fileNode->getMimeType();
  16. // Ugly hack to have exact control over the response, to e.g. prevent security middleware
  17. // messing up the CSP. TODO find a neater solution than bluntly doing header() + echo + exit.
  18. header( // Add a super strict CSP: no connectivity allowed.
  19. "Content-Security-Policy: sandbox; default-src 'none'; img-src data:; media-src data:; "
  20. . "style-src data: 'unsafe-inline'; font-src data:; frame-src data:"
  21. );
  22. header("Content-Type: ${mimetype}");
  23. echo $content;
  24. exit;
  25. }
  26. }