nextcloud-raw/lib/Controller/ RawResponse.php
27 lines
898 B

  1. <?php
  2. namespace OCA\Raw\Controller;
  3. use \Exception;
  4. trait RawResponse {
  5. protected function returnRawResponse($fileNode) {
  6. if ($fileNode->getType() === 'dir') {
  7. // Is there some reasonable thing to return for a directory? An html index? A tarball?
  8. throw new Exception("Requested share is a directory, not a file.");
  9. }
  10. $content = $fileNode->getContent();
  11. $mimetype = $fileNode->getMimeType();
  12. // Ugly hack to have exact control over the response, to e.g. prevent security middleware
  13. // messing up the CSP. TODO find a neater solution than bluntly doing header() + echo + exit.
  14. header( // Add a super strict CSP: no connectivity allowed.
  15. "Content-Security-Policy: sandbox; default-src 'none'; img-src data:; media-src data:; "
  16. . "style-src data: 'unsafe-inline'; font-src data:; frame-src data:"
  17. );
  18. header("Content-Type: ${mimetype}");
  19. echo $content;
  20. exit;
  21. }
  22. }