From 8d73a4bb44f52276b086530d0d233e281684a697 Mon Sep 17 00:00:00 2001
From: Benedikt Kulmann
Date: Thu, 18 Feb 2021 21:01:13 +0100
Subject: [PATCH] Fix allowed folders and CSP in oc10 app
---
 changelog/2.0.1_2021-02-18/fix-php-controller | 5 +++++
 package.json | 2 +-
 packages/web-integration-oc10/appinfo/info.xml | 2 +-
 .../web-integration-oc10/lib/Controller/FilesController.php | 4 ++--
 4 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 changelog/2.0.1_2021-02-18/fix-php-controller
diff --git a/changelog/2.0.1_2021-02-18/fix-php-controller b/changelog/2.0.1_2021-02-18/fix-php-controller
new file mode 100644
index 00000000000..5d0606a9087
--- /dev/null
+++ b/changelog/2.0.1_2021-02-18/fix-php-controller
@@ -0,0 +1,5 @@
+Bugfix: Fix oc10 deployment after switch to rollup
+
+Our first release of the oc10 app after the switch to rollup as bundler had a bug as it didn't reflect the new folder structure of the app in the allowed folders. This has been fixed by updating the allowed folders.
+
+https://github.com/owncloud/web/pull/4757
diff --git a/package.json b/package.json
index d1aa4b05e15..5fab5866d2d 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
- "version": "2.0.0",
+ "version": "2.0.1",
 "private": true,
 "workspaces": [
 "packages/web-app-draw-io",
diff --git a/packages/web-integration-oc10/appinfo/info.xml b/packages/web-integration-oc10/appinfo/info.xml
index 7363d051487..00acd22347b 100644
--- a/packages/web-integration-oc10/appinfo/info.xml
+++ b/packages/web-integration-oc10/appinfo/info.xml
@@ -13,7 +13,7 @@ For feedback and bug reports, please use the [public issue tracker](https://gith
 AGPL
 ownCloud
- 2.0.0
+ 2.0.1
 tools
 https://github.com/owncloud/web
 https://github.com/owncloud/web/issues
diff --git a/packages/web-integration-oc10/lib/Controller/FilesController.php b/packages/web-integration-oc10/lib/Controller/FilesController.php
index 15fd7853a99..2c882d32eeb 100644
--- a/packages/web-integration-oc10/lib/Controller/FilesController.php
+++ b/packages/web-integration-oc10/lib/Controller/FilesController.php
@@ -71,7 +71,7 @@ public function getFile(string $path): Response {
 }
 // check if path permitted
- $permittedPaths = ["apps", "core", "css", "img", "node_modules", "themes", "index.html", "oidc-callback.html", "oidc-silent-redirect.html"];
+ $permittedPaths = ["css", "img", "js", "themes", "index.html", "oidc-callback.html", "oidc-silent-redirect.html"];
 $found = false;
 foreach ($permittedPaths as $p) {
 if (\strpos($path, $p) === 0) {
@@ -104,7 +104,7 @@ public function getFile(string $path): Response {
 'Expires' => 'Wed, 11 Jan 1984 05:00:00 GMT',
 'X-Frame-Options' => 'DENY'
 ]);
- if (\strpos($path, "oidc-callback.html") === 0 || \strpos($path, "oidc-silent-redirect.html") === 0) {
+ if (\strpos($path, "index.html") === 0 || \strpos($path, "oidc-callback.html") === 0 || \strpos($path, "oidc-silent-redirect.html") === 0) {
 $csp = new ContentSecurityPolicy();
 $csp->allowInlineScript(true);
 $response->setContentSecurityPolicy($csp);
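Review bot: The allow-list test just below the changed array, `\strpos($path, $p) === 0`, is a bare prefix match, so the new two-character entry `"js"` admits any path that merely begins with those characters and nothing ties an entry to a whole path segment. Matching on a segment boundary keeps the list meaning what it says: `if ($path === $p || \strpos($path, $p . '/') === 0) {`. The same prefix test is used in the CSP condition of the second hunk, where all three entries are file names and an exact comparison would fit. Whether `..` segments are rejected before this point cannot be seen here, because getFile begins above the hunk and continues past it.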
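Review bot: Adding `index.html` to this condition switches on `allowInlineScript(true)` for the application's main page, so the CSP no longer blocks injected inline script on the document that runs the whole client, and the hunk gives no reason for the exception. A comment above the `if` should record which inline block needs it, for example `// index.html carries an inline bootstrap <script>; drop this once it is served from js/`, with the wording adjusted to what the bundle really contains. If the framework's policy class offers a nonce- or hash-based allowance, that would be narrower than permitting all inline script. getFile starts before this hunk and continues after it.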