Commit 6f6c77d2 authored by Jérome Perrin's avatar Jérome Perrin Committed by Romain Courteaud

officejs: remove duplicated WebPage_viewAsWeb

Having WebPage_viewAsWeb in the default skin selection breaks other sites
relying on the default behavior of erp5_web.
parent c1b33489
if REQUEST is None:
if response is None:
# The vanilla HTML is wanted
web_page = context
web_section = REQUEST.get("current_web_section")
#if REQUEST.getHeader('If-Modified-Since', '') == web_page.getModificationDate().rfc822():
# response.setStatus(304)
# return ""
portal_type = web_page.getPortalType()
if portal_type in ("Web Page", "Web Script", "Web Manifest", "Web Style"):
web_content = web_page.getTextContent()
if portal_type == "Web Section":
web_page = web_page.getAggregateValue()
response.setHeader('Content-Type', web_page.getContentType())
web_content = web_page.getData()
# set headers depending on type of script
if (portal_type == "Web Script"):
response.setHeader('Content-Type', 'application/javascript; charset=utf-8')
elif (portal_type == "Web Style"):
response.setHeader('Content-Type', 'text/css; charset=utf-8')
elif (portal_type == "Web Manifest"):
response.setHeader('Content-Type', 'text/cache-manifest; charset=utf-8')
elif (portal_type == "Web Page"):
if (mapping_dict is not None):
web_content = web_page.TextDocument_substituteTextContent(web_content, mapping_dict=mapping_dict)
content_security_policy = "default-src 'self' data: blob: *"
x_frame_options = "SAMEORIGIN"
if (web_section):
content_security_policy = web_section.getLayoutProperty("configuration_content_security_policy", default=content_security_policy)
x_frame_options = web_section.getLayoutProperty("configuration_x_frame_options", default=x_frame_options)
# Do not allow to put inside an iframe
if not x_frame_options == "ALLOW-FROM-ALL":
response.setHeader("X-Frame-Options", x_frame_options)
response.setHeader("X-Content-Type-Options", "nosniff")
# Only fetch code (html, js, css, image) and data from this ERP5, to prevent any data leak as the web site do not control the gadget's code
response.setHeader("Content-Security-Policy", content_security_policy)
response.setHeader('Content-Type', web_page.getContentType('text/html'))
return web_content
<?xml version="1.0"?>
<record id="1" aka="AAAAAAAAAAE=">
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
<key> <string>_bind_names</string> </key>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
<key> <string>_asgns</string> </key>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
<key> <string>_params</string> </key>
<value> <string>REQUEST=None, response=None, mapping_dict=None</string> </value>
<key> <string>id</string> </key>
<value> <string>WebPage_viewAsWeb</string> </value>