CSP policy prevends loading of zeroclipboard

Created by: brantje

Refused to load plugin data from 'https://xxxxx/apps/passman/js/bower_components/zeroclipboard/dist/ZeroClipboard.swf?noCache=1430843054685' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'object-src' was not explicitly set, so 'default-src' is used as a fallback.

Fix: https://github.com/owncloud/documentation/pull/1086/files#diff-b59ae4d62ea4abeab1cabfced647445cR562

--- Want to back this issue? **Post a bounty on it!** We accept bounties via Bountysource.

Imported comments:

By brantje on 2015-05-05 18:55:33 UTC

<?php
namespace OCA\MyApp\Controller;

use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Http\ContentSecurityPolicy;

class PageController extends Controller {

        public function index() {
            $response = new TemplateResponse('myapp', 'main');
            $csp = new ContentSecurityPolicy();
            $csp->addAllowedObjectDomain('\'self\''’);
            $response->setContentSecurityPolicy($csp);
        }

}