b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Collabora form submission: remove iframe target and use _self to bypass CSP

Browse Source
This commit is contained in:
Leon Bösche
2026-01-13 12:59:49 +01:00
parent 19825763ad
commit 8baaad2c08
1 changed files with 11 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
go_cloud/internal/http/wopi_handlers.go
View File

@@ -666,7 +666,8 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
wopiSrc := fmt.Sprintf("https://go.b0esche.cloud/wopi/files/%s?access_token=%s", fileID, accessToken)
// Return HTML page with auto-submitting form
// Collabora Online: POST WOPISrc as form data
// The form POSTs to Collabora from within an iframe to work around CSP frame-ancestors restrictions
// The iframe is hosted on the same domain as the embedded page, allowing the POST to complete
htmlContent := fmt.Sprintf(`<!DOCTYPE html>
<html>
<head>
@@ -683,22 +684,18 @@ func collaboraProxyHandler(w http.ResponseWriter, r *http.Request, db *database.
<div class="loading">
<p>Loading Collabora Online...</p>
</div>
<form method="POST" action="%s/browser/dist/cool.html" target="collabora-frame" id="collaboraForm" style="display: none;">
<form method="POST" action="%s/browser/dist/cool.html" target="_self" id="collaboraForm" style="display: none;">
<input type="hidden" name="WOPISrc" value="%s">
</form>
<iframe name="collabora-frame" id="collabora-frame" style="position:fixed; top:0; left:0; width:100%%; height:100%%; border:none;"></iframe>
<script>
window.addEventListener('load', function() {
setTimeout(function() {
var form = document.getElementById('collaboraForm');
if (form) {
console.log('[COLLABORA] Submitting form to /browser/dist/cool.html');
form.submit();
} else {
console.error('[COLLABORA] Form not found');
}
}, 100);
});
// Auto-submit the form to Collabora
var form = document.getElementById('collaboraForm');
if (form) {
console.log('[COLLABORA] Submitting form to /browser/dist/cool.html with WOPISrc');
form.submit();
} else {
console.error('[COLLABORA] Form not found');
}
</script>
</body>
</html>`, collaboraURL, wopiSrc)