Add CSP domain on collabora ingress

NethServer Version: 8
Module: collabora 1.0.11

Hello,

I’m trying to integrate collabora on an external website. When I try to use an iframe I got the following error:

Refused to frame 'https://xxx.yyy.www/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors xxx.yyy.www:* aaa.yyy.www:*".

Where can I add an additional domain to the CSP list for collabora?

Thank you!


Unfortunately there’s no volume in collabora so to make the changes persistent, we need to add a volume. This way this customization will survive updates but the coolwsd.xml is not included in backup so better to keep a copy of coolwsd.xml somewhere, in case you need it after restore.

Enter collabora1 environment: (adapt to your collabora instance name)

runagent -m collabora1

Edit the systemd service file…

systemctl --user edit collabora

…until it looks like this:

### Editing /home/collabora1/.config/systemd/user/collabora.service.d/override.conf
### Anything between here and the comment below will become the new contents of the file

[Service]
ExecStart=
ExecStart=/usr/bin/podman run --conmon-pidfile %t/collabora.pid \
     --cidfile %t/collabora.ctr-id --cgroups=no-conmon \
     --replace -d --name  collabora --cap-add MKNOD \
     --network=slirp4netns \
     --env aliasgroup2=https://${TRAEFIK_HOST}:443 \
     --env username=admin \
     --env-file=%S/state/password.env \
     --env "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:security.capabilities=false" \
     --env dictionnaries="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" \
     --volume config-data:/etc/coolwsd:Z \
     --publish 127.0.0.1:${TCP_PORT}:9980 \
     ${CODE_IMAGE}

### Lines below this comment will be discarded

### /home/collabora1/.config/systemd/user/collabora.service
# [Unit]
# Description=Podman  collabora.service
# 
# [Service]
# Environment=PODMAN_SYSTEMD_UNIT=%n
...

Restart the service:

systemctl --user restart collabora

We added a volume config-data that maps /etc/coolwsd in the container so we should be able to edit the config file.
At line 201 you should find the CSP settings.

podman unshare nano $(podman volume inspect config-data --format={{.Mountpoint}})/coolwsd.xml

Restart the service to apply the changes:

systemctl --user restart collabora

Hello @mrmarkuz ,

I’ve added the volume, then I tried to edit the coolwsd.xml, and line 201 looks like this:

     <content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2"></content_security_policy>

How can I add an additional domain on this line?

Thank you

I think it works like this but I didn’t test:

      <content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2">
        <frame-src>
          'self' https://domain.tld;
        </frame-src>
      </content_security_policy>

Or in one line:

<content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2"><frame-src> 'self' https://domain.tld; </frame-src></content_security_policy>


Hello @mrmarkuz ,

I’ve changed the line accordingly and restarted collabora, but I’m still getting the same error. Is it possible that we also need to define the domain on line 202, which is the frame_ancestors section?

Thank you

Yes, that’s possible but I never tested.

Maybe there are some hints in their forums, like Integrate Collabora to a Web App - Installation & Configuration - Collabora Online

EDIT:

Documentation: Advanced integration — SDK https://sdk.collaboraonline.com/ documentation
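
The error quoted at the top of the thread is raised by the `frame-ancestors` directive of the header the framed server sends, which lists the origins allowed to embed it, whereas `frame-src` limits what a page may load into its own frames. As an added example (not code from this thread or from Collabora), the Python below evaluates a CSP header value against a would-be parent origin so an edited policy can be checked before testing in a browser; `https://portal.example.org` is a made-up external site and the source matching is simplified.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_csp(header):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:  # a repeated directive is ignored: the first one wins
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def origin(url):
    u = urlsplit(url)
    return u.scheme, u.hostname or "", u.port or DEFAULT_PORTS.get(u.scheme)

def source_matches(source, parent, own):
    """Simplified CSP source-expression match (no IPv6 literals, paths ignored)."""
    p_scheme, p_host, p_port = origin(parent)
    source = source.lower()
    if source == "*":
        return p_scheme in DEFAULT_PORTS
    if source.startswith("'"):  # 'self' is the page's own origin; 'none' matches nothing
        return source == "'self'" and origin(parent) == origin(own)
    if source.endswith(":"):  # scheme-source such as "https:"
        return p_scheme == source[:-1]
    scheme, _, rest = source.rpartition("://")
    host, _, port = rest.split("/")[0].partition(":")
    want = scheme or origin(own)[0]  # schemeless source: scheme of the framed page
    scheme_ok = p_scheme == want or (want == "http" and p_scheme == "https")
    host_ok = p_host.endswith(host[1:]) if host.startswith("*.") else host == p_host
    port_ok = port == "*" or p_port == (int(port) if port else DEFAULT_PORTS.get(p_scheme))
    return scheme_ok and host_ok and port_ok

def frame_ancestors_allows(header, parent, own):
    """True if the page at `own`, sent with `header`, may be framed by `parent`."""
    policy = parse_csp(header)
    if "frame-ancestors" not in policy:
        return True  # frame-ancestors has no default-src fallback
    return any(source_matches(s, parent, own) for s in policy["frame-ancestors"])

# Constructed sample: the policy from the error message, plus a made-up parent site.
OWN = "https://xxx.yyy.www"
CURRENT = "frame-ancestors xxx.yyy.www:* aaa.yyy.www:*"

if __name__ == "__main__":
    for parent in ("https://aaa.yyy.www:8443", "https://portal.example.org"):
        print(parent, frame_ancestors_allows(CURRENT, parent, OWN))
```

The header value to feed in is the `Content-Security-Policy` response header of the framed page, as shown in the browser's network panel.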