From b50fb8b41e015600ae4ae2afe43bc8ae66ec73af Mon Sep 17 00:00:00 2001
From: Yvo Brevoort <yvo@muze.nl>
Date: Fri, 19 Jan 2024 08:46:11 +0100
Subject: [PATCH] add allowed origin

---
 solid/lib/Controller/StorageController.php | 29 ++++++++++++----------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/solid/lib/Controller/StorageController.php b/solid/lib/Controller/StorageController.php
index 57f9d6c..37091ad 100644
--- a/solid/lib/Controller/StorageController.php
+++ b/solid/lib/Controller/StorageController.php
@@ -338,6 +338,9 @@ public function handleRequest($userId, $path) {
 			if (isset($clientRegistration['client_name'])) {
 				$allowedOrigins[] = $clientRegistration['client_name'];
 			}
+			if (isset($clientRegistration['origin'])) {
+				$allowedOrigins[] = $clientRegistration['origin'];
+			}
 		}
 		if (!$this->WAC->isAllowed($request, $webId, $origin, $allowedOrigins)) {
 			$response = $this->resourceServer->getResponse()
@@ -428,19 +431,19 @@ private function respond($response) {
 //		$result->addHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
 //		$result->addHeader('Access-Control-Allow-Origin', $origin);
 		
-                $policy = new EmptyContentSecurityPolicy();
-                $policy->addAllowedStyleDomain("*");
-                $policy->addAllowedStyleDomain("data:");
-                $policy->addAllowedScriptDomain("*");
-                $policy->addAllowedImageDomain("*");
-                $policy->addAllowedFontDomain("*");
-                $policy->addAllowedConnectDomain("*");
-                $policy->allowInlineStyle(true);
-                $policy->allowInlineScript(true);
-                $policy->allowEvalScript(true);
-                $result->setContentSecurityPolicy($policy);
-                
-                $result->setStatus($statusCode);
+		$policy = new EmptyContentSecurityPolicy();
+		$policy->addAllowedStyleDomain("*");
+		$policy->addAllowedStyleDomain("data:");
+		$policy->addAllowedScriptDomain("*");
+		$policy->addAllowedImageDomain("*");
+		$policy->addAllowedFontDomain("*");
+		$policy->addAllowedConnectDomain("*");
+		$policy->allowInlineStyle(true);
+		$policy->allowInlineScript(true);
+		$policy->allowEvalScript(true);
+		$result->setContentSecurityPolicy($policy);
+		
+		$result->setStatus($statusCode);
 		return $result;
 	}
 }