Fix Collabora WOPI: Put WOPISrc in URL query param, not form body
This commit is contained in:
Leon Bösche
@@ -6,8 +6,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
//"net/url"
|
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
@@ -752,9 +751,16 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
|
|||||||
// Get the correct Collabora editor URL from discovery (includes version hash)
|
// Get the correct Collabora editor URL from discovery (includes version hash)
|
||||||
editorURL := getCollaboraEditorURL(collaboraURL)
|
editorURL := getCollaboraEditorURL(collaboraURL)
|
||||||
|
|
||||||
|
// URL-encode the WOPISrc for use in the form action URL
|
||||||
|
encodedWopiSrc := url.QueryEscape(wopiSrc)
|
||||||
|
|
||||||
|
// Build the full Collabora URL with WOPISrc as query parameter
|
||||||
|
// Collabora expects: cool.html?WOPISrc=<encoded-url>
|
||||||
|
collaboraFullURL := fmt.Sprintf("%s?WOPISrc=%s", editorURL, encodedWopiSrc)
|
||||||
|
|
||||||
// Return HTML page with auto-submitting form
|
// Return HTML page with auto-submitting form
|
||||||
// The form POSTs to Collabora from within an iframe to work around CSP frame-ancestors restrictions
|
// The form POSTs to Collabora with access_token in the body
|
||||||
// The iframe is hosted on the same domain as the embedded page, allowing the POST to complete
|
// WOPISrc must be in the URL as a query parameter
|
||||||
htmlContent := fmt.Sprintf(`<!DOCTYPE html>
|
htmlContent := fmt.Sprintf(`<!DOCTYPE html>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
@@ -772,7 +778,6 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
|
|||||||
<p>Loading Collabora Online...</p>
|
<p>Loading Collabora Online...</p>
|
||||||
</div>
|
</div>
|
||||||
<form method="POST" action="%s" target="_self" id="collaboraForm" style="display: none;">
|
<form method="POST" action="%s" target="_self" id="collaboraForm" style="display: none;">
|
||||||
<input type="hidden" name="WOPISrc" value="%s">
|
|
||||||
<input type="hidden" name="access_token" value="%s">
|
<input type="hidden" name="access_token" value="%s">
|
||||||
</form>
|
</form>
|
||||||
<script>
|
<script>
|
||||||
@@ -786,12 +791,12 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
|
|||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
</body>
|
</body>
|
||||||
</html>`, editorURL, wopiSrc, accessToken, editorURL)
|
</html>`, collaboraFullURL, accessToken, collaboraFullURL)
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||||
// Don't set X-Frame-Options - this endpoint is meant to be loaded in an iframe
|
// Don't set X-Frame-Options - this endpoint is meant to be loaded in an iframe
|
||||||
w.WriteHeader(http.StatusOK)
|
w.WriteHeader(http.StatusOK)
|
||||||
w.Write([]byte(htmlContent))
|
w.Write([]byte(htmlContent))
|
||||||
|
|
||||||
fmt.Printf("[COLLABORA-PROXY] Served HTML form: file=%s user=%s wopi_src=%s editor_url=%s\n", fileID, userID.String(), wopiSrc, editorURL)
|
fmt.Printf("[COLLABORA-PROXY] Served HTML form: file=%s user=%s wopi_src=%s editor_url=%s\n", fileID, userID.String(), wopiSrc, collaboraFullURL)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user