Ironically our attempts to double-check message origin against our
parent were blowing a security exception.
Instead send the list of origins we will accept from WSD, and
check them ourselves (as well as the browser check).
Why make it so hard to check that a postMessage comes from an
ancestor frame?
Change-Id: I1311be3e1d68a31cfdc96b45a5eb5dd7f26e7ea9
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/86788
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Alexandru Vlăduţu <alexandru.vladutu@1and1.ro>
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
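
The check described in the commit message above, sketched as an added example that is not part of the commit or the project's code: the receiver compares the browser-supplied event.origin with a server-provided list and never reads window.parent.location, which throws across origins. The function names and sample origins are hypothetical.

```javascript
// Added example: normalizeOrigin, makeMessageHandler and all sample
// origins are hypothetical names, not taken from loleaflet.

// Reduce a configured entry to the exact form a browser puts in
// event.origin: scheme://host[:port], default port dropped, no path.
// Returns null for anything that is not an http(s) URL.
function normalizeOrigin(entry) {
  try {
    const url = new URL(entry);
    if (url.protocol !== 'https:' && url.protocol !== 'http:') {
      return null;
    }
    return url.origin;
  } catch (e) {
    return null; // not parseable as an absolute URL
  }
}

// Build a "message" event handler that only forwards messages whose
// origin is in the accepted list (as sent by the server).
function makeMessageHandler(acceptedOrigins, onAccepted) {
  const allowed = new Set(
    acceptedOrigins.map(normalizeOrigin).filter(Boolean)
  );
  return function handle(event) {
    // event.origin is filled in by the browser, not by the sender.
    // Exact match only: prefix or substring tests would also accept
    // look-alike hosts such as wopi.example.com.other.test.
    if (typeof event.origin !== 'string' || !allowed.has(event.origin)) {
      return false; // drop silently; never reply to unknown origins
    }
    onAccepted(event.data, event.origin);
    return true;
  };
}

// In a page this would be wired up as:
//   window.addEventListener('message', makeMessageHandler(list, cb));
```
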
Also add a config option for logging.protocol - to help catch early
protocol issues during startup.
Change-Id: I6f0cc6dcf14b2797bc6b2bd36c44750d74eb0608
removed use of Poco::StringTokenizer from the wsd directory using LOOLProtocol::tokenize and std::vector<std::string>
Change-Id: Ic50b4d4d71d4ffd005aacf6aef0ed2bfde66d40d
Reviewed-on: https://gerrit.libreoffice.org/82569
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
The initial bits to serving some page with provision
to ingest the different formats into a table.
Doesn't yet link with the actual document, but it's
a start.
The link will have some unique id(s) in it to
reference the document in question, which will
be some hash (possibly changing with some logic for
security reasons). This hash will have to be
something valid that WSD will use to locate
the DocBroker in question, connect to it and
fetch the formats supported and generate unique
links for each. When the user clicks on a link,
the contents will be downloaded in the given
format and copied to the user's clipboard.
The clipboard.html template is based on loleaflet.html
as we're very likely to use the same customization,
branding, localization, and javascript bits.
We would probably want to add a brandable title
with logo etc. and possibly some more readable
background (ideally, an image enlarged and blurred
to give the page some semblance of having content).
Change-Id: If0550184d4423bef1e98fecbb072bdf8df07701b
wsd/FileServer.cpp:464:35: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/dirent.h:162:45: note: nonnull attribute specified here
#0 0xbf566b in FileServerRequestHandler::readDirToHash(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/vmiklos/lode/dev/online/wsd/FileServer.cpp:464:27
#1 0xbf8417 in FileServerRequestHandler::initialize() /home/vmiklos/lode/dev/online/wsd/FileServer.cpp:531:13
#2 0x98617a in LOOLWSD::initialize(Poco::Util::Application&) /home/vmiklos/lode/dev/online/wsd/LOOLWSD.cpp:1155:5
#3 0x7f17fc9c8263 in Poco::Util::Application::run() (/usr/lib64/libPocoUtil.so.60+0x3e263)
#4 0x9c29f3 in main /home/vmiklos/lode/dev/online/wsd/LOOLWSD.cpp:3466:1
#5 0x7f17fa739f49 in __libc_start_main (/lib64/libc.so.6+0x20f49)
#6 0x5c1e19 in _start /home/abuild/rpmbuild/BUILD/glibc-2.26/csu/../sysdeps/x86_64/start.S:120
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior wsd/FileServer.cpp:464:35 in
Change-Id: Iadb90c4e98981283718be3e3e9f55cb0b7a3e917
Don't stop the polling thread and attempt cleanup
when the thread is no longer alive; just avoid
logging warnings and other noise.
Demote a couple warning logs to info since
they are neither critical nor actionable.
Change-Id: Ibe8e8491723f1beeaea03a6e935d606b01e275f0
This reverts commit 1d9a9e834a. This
commit meant that if you hit CSP violations, then 'make run' hides those
problems and you need a full 'docker' (or similar) setup to see the
problem, where it's much more painful to debug it.
See commit 6e0d1ad707 (document signing:
whitelist CSP frame-src for doc sign endpoint URL, 2018-12-05) for a
real-world example where this happened.
Change-Id: Idc14496463f6decd0ad64c3b31758b4f532d66e6
Reviewed-on: https://gerrit.libreoffice.org/65549
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Miklos Vajna <vmiklos@collabora.com>
If document signing is enabled in loolwsd.xml, then explicitly whitelist
iframe creation towards the doc sign endpoint server, to avoid
> Refused to frame '...' because it violates the following Content Security Policy directive: "frame-src 'self' blob:".
Note that this happened only in non-debug builds, as we currently don't
send any Content Security Policy headers in debug builds.
Change-Id: Iee2a0644d67d5803ab3f5c636b8e960fa619792f
document_signing_url in loolwsd now accepts a vereign server URL
endpoint. If not provided, the signing functionality won't be
available.
The document signing infobar is now shown dynamically, so by
default it is not shown, but when the user clicks "sign document"
in the menu, the infobar is shown (the document-content's
CSS "top" value is adjusted via JQuery).
Change-Id: I9d5f6b68ba3612eeeb9de28c9c0333b4d1bf41d8
Reviewed-on: https://gerrit.libreoffice.org/64298
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
Beforehand, any host could embed the iframe as the Referer was always allowed.
Now, only the loolwsd and the WOPI host are allowed to do that.
Additionally, a config option has been added to add more allowed hosts.
X-Frame-Options support has been removed as it supports only one host
and CSP is meanwhile supported in ~all major browsers.
Change-Id: I222720e1220116102708c50edaf08e2a4a0aebda
Reviewed-on: https://gerrit.libreoffice.org/63864
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
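
An added example, not part of the commit or the project's code, of building the embedding allow-list described above from the loolwsd host, the WOPI host and extra configured hosts. It assumes the CSP frame-ancestors directive is the one used; the function name and sample hosts are hypothetical.

```javascript
// Added example: frameAncestors and the sample hosts are hypothetical.

// A CSP host-source: optional scheme, optional leading "*.", host
// labels, optional port. Anything else (bare "*", whitespace, ";")
// is refused so a config value cannot widen or split the policy.
const HOST_SOURCE =
  /^(https?:\/\/)?(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)*(:\d{1,5})?$/i;

// Returns the directive plus the entries that were refused, so the
// caller can log misconfigured hosts instead of silently using them.
function frameAncestors(wsdHost, wopiHost, extraHosts = []) {
  const sources = [];
  const rejected = [];
  for (const raw of [wsdHost, wopiHost, ...extraHosts]) {
    const host = String(raw).trim().toLowerCase();
    if (!HOST_SOURCE.test(host)) {
      rejected.push(raw);
      continue;
    }
    if (!sources.includes(host)) {
      sources.push(host); // de-duplicate, keep first-seen order
    }
  }
  // Fail closed: with no valid host, nobody may embed the page.
  const value = sources.length > 0 ? sources.join(' ') : "'none'";
  return { directive: `frame-ancestors ${value};`, rejected };
}
```
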
If the document-container has an explicit style attribute, then this
breaks Calc (only Writer was tested before). This restores the correct
Writer/Calc/Impress behavior when the setting is false and keeps correct
behavior with Writer when the setting is true.
Change-Id: I310660e88af4407e521529ec41b5dcb604108bd9
It's not too easy to customize CSS, so move the top position of the
document container to loleaflet.html, where it's convenient to handle
this.
JS can dynamically query if the menu item should be there, similar to
the about dialog.
Change-Id: I4b2799a41f8ad31e3a9b4983fd1947d2e0363a2b