From 9f76edb55571586f2ab887614a9c9026a136c853 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Wed, 22 Jul 2015 21:21:59 +0200
Subject: [PATCH] Allow iframes

---
 controller/webviewcontroller.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/controller/webviewcontroller.php b/controller/webviewcontroller.php
index 3d62e314..eaf68950 100644
--- a/controller/webviewcontroller.php
+++ b/controller/webviewcontroller.php
@@ -12,6 +12,7 @@
 
 namespace OCA\Bookmarks\Controller;
 
+use OCP\AppFramework\Http\ContentSecurityPolicy;
 use \OCP\IRequest;
 use \OCP\AppFramework\Http\TemplateResponse;
 use \OCP\AppFramework\Controller;
@@ -38,7 +39,13 @@ class WebViewController extends Controller {
 	public function index() {
 		$bookmarkleturl = $this->urlgenerator->getAbsoluteURL('index.php/apps/bookmarks/bookmarklet');
 		$params = array('user' => $this->userId, 'bookmarkleturl' => $bookmarkleturl);
-		return new TemplateResponse('bookmarks', 'main', $params);
+
+		$policy = new ContentSecurityPolicy();
+		$policy->addAllowedFrameDomain("'self'");
+
+		$response = new TemplateResponse('bookmarks', 'main', $params);
+		$response->setContentSecurityPolicy($policy);
+		return $response;
 	}
 
 	/**