adjustCsp() - Code Metrics - Inspection of "One more CSP rule needed for HLS streaming on Chro..." - owncloud/music - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 552d59...edf700 )

by Pauli

created 2020-11-25 21:41 UTC

adjustCsp() A

↳ Parent: Project

Complexity

Conditions	1
Paths	1

Size

Total Lines	11
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	9
nc	1
nop	0
dl	0
loc	11
rs	9.9666
c	0
b	0
f	0

<?php

/**
 * ownCloud - Music app
 *
 * This file is licensed under the Affero General Public License version 3 or
 * later. See the COPYING file.
 *
 * @author Morris Jobke <[email protected]>
 * @author Pauli Järvinen <[email protected]>
 * @copyright Morris Jobke 2013, 2014
 * @copyright Pauli Järvinen 2017 - 2020
 */

namespace OCA\Music\App;

$app = new Music();

$c = $app->getContainer();
$appName = $c->query('AppName');

/**
 * add navigation
 */
\OC::$server->getNavigationManager()->add(function () use ($c, $appName) {
	return [
		'id' => $appName,
		'order' => 10,
		'name' => $c->query('L10N')->t('Music'),
		'href' => $c->query('URLGenerator')->linkToRoute('music.page.index'),
		'icon' => \OCA\Music\Utility\HtmlUtil::getSvgPath('music')
	];
});

/**
 * register regular task
 */
\OC::$server->getJobList()->add('OC\BackgroundJob\Legacy\RegularJob', ['OCA\Music\Backgroundjob\CleanUp', 'run']);

/**
 * register hooks
 */
$c->query('FileHooks')->register();
$c->query('ShareHooks')->register();
$c->query('UserHooks')->register();

/**
 * register search provider
 */
$c->getServer()->getSearch()->registerProvider(
		'OCA\Music\Search\Provider',
		['app' => $appName, 'apps' => ['files']]
);

/**
 * Set content security policy to allow streaming media from any external source
 */
function adjustCsp() {
	$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
	$policy->addAllowedMediaDomain('http://*:*');
	$policy->addAllowedMediaDomain('https://*:*');
	// the next 5 rules are needed to use hls.js to stream from HLS type sources
	$policy->addAllowedMediaDomain('data:');
	$policy->addAllowedMediaDomain('blob:');
	$policy->addAllowedChildSrcDomain('blob:');
	$policy->addAllowedConnectDomain('http://*:*');
	$policy->addAllowedConnectDomain('https://*:*');
	\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy);
}

/**
 * Load embedded music player for Files and Sharing apps
 *
 * The nice way to do this would be
 * \OC::$server->getEventDispatcher()->addListener('OCA\Files::loadAdditionalScripts', $loadEmbeddedMusicPlayer);
 * \OC::$server->getEventDispatcher()->addListener('OCA\Files_Sharing::loadAdditionalScripts', $loadEmbeddedMusicPlayer);
 * ... but this doesn't work for shared files on ownCloud 10.0, at least. Hence, we load the scripts
 * directly if the requested URL seems to be for Files or Sharing.
 */
function loadEmbeddedMusicPlayer() {
	\OCA\Music\Utility\HtmlUtil::addWebpackScript('files_music_player');
	\OCA\Music\Utility\HtmlUtil::addWebpackStyle('files_music_player');
}

$request = \OC::$server->getRequest();
if (isset($request->server['REQUEST_URI'])) {
	$url = $request->server['REQUEST_URI'];
	$url = \explode('?', $url)[0]; // get rid of any query args
	$isFilesUrl = \preg_match('%/apps/files(/.*)?%', $url);
	$isShareUrl = \preg_match('%/s/.+%', $url)
		&& !\preg_match('%/apps/.*%', $url)
		&& !\preg_match('%.*/authenticate%', $url);
	$isMusicUrl = \preg_match('%/apps/music(/.*)?%', $url);

	if ($isFilesUrl || $isShareUrl) {
		adjustCsp();
		loadEmbeddedMusicPlayer();
	} elseif ($isMusicUrl) {
		adjustCsp();
	}
}


1			<?php
2
3			/**
4			* ownCloud - Music app
5			*
6			* This file is licensed under the Affero General Public License version 3 or
7			* later. See the COPYING file.
8			*
9			* @author Morris Jobke <[email protected]>
10			* @author Pauli Järvinen <[email protected]>
11			* @copyright Morris Jobke 2013, 2014
12			* @copyright Pauli Järvinen 2017 - 2020
13			*/
14
15			namespace OCA\Music\App;
16
17			$app = new Music();
18
19			$c = $app->getContainer();
20			$appName = $c->query('AppName');
21
22			/**
23			* add navigation
24			*/
25			\OC::$server->getNavigationManager()->add(function () use ($c, $appName) {
26			return [
27			'id' => $appName,
28			'order' => 10,
29			'name' => $c->query('L10N')->t('Music'),
30			'href' => $c->query('URLGenerator')->linkToRoute('music.page.index'),
31			'icon' => \OCA\Music\Utility\HtmlUtil::getSvgPath('music')
32			];
33			});
34
35			/**
36			* register regular task
37			*/
38			\OC::$server->getJobList()->add('OC\BackgroundJob\Legacy\RegularJob', ['OCA\Music\Backgroundjob\CleanUp', 'run']);
39
40			/**
41			* register hooks
42			*/
43			$c->query('FileHooks')->register();
44			$c->query('ShareHooks')->register();
45			$c->query('UserHooks')->register();
46
47			/**
48			* register search provider
49			*/
50			$c->getServer()->getSearch()->registerProvider(
51			'OCA\Music\Search\Provider',
52			['app' => $appName, 'apps' => ['files']]
53			);
54
55			/**
56			* Set content security policy to allow streaming media from any external source
57			*/
58			function adjustCsp() {
59			$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
60			$policy->addAllowedMediaDomain('http://:');
61			$policy->addAllowedMediaDomain('https://:');
62			// the next 5 rules are needed to use hls.js to stream from HLS type sources
63			$policy->addAllowedMediaDomain('data:');
64			$policy->addAllowedMediaDomain('blob:');
65			$policy->addAllowedChildSrcDomain('blob:');
66			$policy->addAllowedConnectDomain('http://:');
67			$policy->addAllowedConnectDomain('https://:');
68			\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy);
69			}
70
71			/**
72			* Load embedded music player for Files and Sharing apps
73			*
74			* The nice way to do this would be
75			* \OC::$server->getEventDispatcher()->addListener('OCA\Files::loadAdditionalScripts', $loadEmbeddedMusicPlayer);
76			* \OC::$server->getEventDispatcher()->addListener('OCA\Files_Sharing::loadAdditionalScripts', $loadEmbeddedMusicPlayer);
77			* ... but this doesn't work for shared files on ownCloud 10.0, at least. Hence, we load the scripts
78			* directly if the requested URL seems to be for Files or Sharing.
79			*/
80			function loadEmbeddedMusicPlayer() {
81			\OCA\Music\Utility\HtmlUtil::addWebpackScript('files_music_player');
82			\OCA\Music\Utility\HtmlUtil::addWebpackStyle('files_music_player');
83			}
84
85			$request = \OC::$server->getRequest();
86			if (isset($request->server['REQUEST_URI'])) {
87			$url = $request->server['REQUEST_URI'];
88			$url = \explode('?', $url)[0]; // get rid of any query args
89			$isFilesUrl = \preg_match('%/apps/files(/.*)?%', $url);
90			$isShareUrl = \preg_match('%/s/.+%', $url)
91			&& !\preg_match('%/apps/.*%', $url)
92			&& !\preg_match('%.*/authenticate%', $url);
93			$isMusicUrl = \preg_match('%/apps/music(/.*)?%', $url);
94
95			if ($isFilesUrl \|\| $isShareUrl) {
96			adjustCsp();
97			loadEmbeddedMusicPlayer();
98			} elseif ($isMusicUrl) {
99			adjustCsp();
100			}
101			}
102

owncloud / music

Push — master ( 552d59...edf700 )

adjustCsp() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like