fix: Add proper feature policy

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-10-19 16:25:06 +02:00 · 2023-10-19 16:25:06 +02:00 · 398d165a5d
--- a/composer/composer/autoload_classmap.php
+++ b/composer/composer/autoload_classmap.php
@ -37,8 +37,9 @@ return array(
    'OCA\\Richdocuments\\Exceptions\\ExpiredTokenException' => $baseDir . '/../lib/Exceptions/ExpiredTokenException.php',
    'OCA\\Richdocuments\\Exceptions\\UnknownTokenException' => $baseDir . '/../lib/Exceptions/UnknownTokenException.php',
    'OCA\\Richdocuments\\Helper' => $baseDir . '/../lib/Helper.php',
    'OCA\\Richdocuments\\Listener\\AddContentSecurityPolicyListener' => $baseDir . '/../lib/Listener/AddContentSecurityPolicyListener.php',
    'OCA\\Richdocuments\\Listener\\AddFeaturePolicyListener' => $baseDir . '/../lib/Listener/AddFeaturePolicyListener.php',
    'OCA\\Richdocuments\\Listener\\BeforeFetchPreviewListener' => $baseDir . '/../lib/Listener/BeforeFetchPreviewListener.php',
    'OCA\\Richdocuments\\Listener\\CSPListener' => $baseDir . '/../lib/Listener/CSPListener.php',
    'OCA\\Richdocuments\\Listener\\FileCreatedFromTemplateListener' => $baseDir . '/../lib/Listener/FileCreatedFromTemplateListener.php',
    'OCA\\Richdocuments\\Listener\\LoadViewerListener' => $baseDir . '/../lib/Listener/LoadViewerListener.php',
    'OCA\\Richdocuments\\Listener\\ReferenceListener' => $baseDir . '/../lib/Listener/ReferenceListener.php',
--- a/composer/composer/autoload_static.php
+++ b/composer/composer/autoload_static.php
@ -52,8 +52,9 @@ class ComposerStaticInitRichdocuments
        'OCA\\Richdocuments\\Exceptions\\ExpiredTokenException' => __DIR__ . '/..' . '/../lib/Exceptions/ExpiredTokenException.php',
        'OCA\\Richdocuments\\Exceptions\\UnknownTokenException' => __DIR__ . '/..' . '/../lib/Exceptions/UnknownTokenException.php',
        'OCA\\Richdocuments\\Helper' => __DIR__ . '/..' . '/../lib/Helper.php',
        'OCA\\Richdocuments\\Listener\\AddContentSecurityPolicyListener' => __DIR__ . '/..' . '/../lib/Listener/AddContentSecurityPolicyListener.php',
        'OCA\\Richdocuments\\Listener\\AddFeaturePolicyListener' => __DIR__ . '/..' . '/../lib/Listener/AddFeaturePolicyListener.php',
        'OCA\\Richdocuments\\Listener\\BeforeFetchPreviewListener' => __DIR__ . '/..' . '/../lib/Listener/BeforeFetchPreviewListener.php',
        'OCA\\Richdocuments\\Listener\\CSPListener' => __DIR__ . '/..' . '/../lib/Listener/CSPListener.php',
        'OCA\\Richdocuments\\Listener\\FileCreatedFromTemplateListener' => __DIR__ . '/..' . '/../lib/Listener/FileCreatedFromTemplateListener.php',
        'OCA\\Richdocuments\\Listener\\LoadViewerListener' => __DIR__ . '/..' . '/../lib/Listener/LoadViewerListener.php',
        'OCA\\Richdocuments\\Listener\\ReferenceListener' => __DIR__ . '/..' . '/../lib/Listener/ReferenceListener.php',
--- a/lib/AppConfig.php
+++ b/lib/AppConfig.php
@ -13,6 +13,9 @@ namespace OCA\Richdocuments;
 use \OCP\IConfig;
 use OCA\Richdocuments\AppInfo\Application;
 use OCA\Richdocuments\Service\FederationService;
 use OCP\App\IAppManager;
 use OCP\GlobalScale\IConfig as GlobalScaleConfig;
 class AppConfig {
 	public const WOPI_URL = 'wopi_url';
@ -28,7 +31,7 @@ class AppConfig {
 	// Default: 'no', set to 'yes' to enable
 	public const USE_SECURE_VIEW_ADDITIONAL_MIMES = 'use_secure_view_additional_mimes';
-	private $defaults = [
+	private array $defaults = [
 		'wopi_url' => '',
 		'timeout' => 15,
 		'watermark_text' => '{userId}',
@ -46,15 +49,15 @@ class AppConfig {
 		'watermark_linkTagsList' => 'array'
 	];
-	/** @var IConfig */
+	public function __construct(
-	private $config;
+		private IConfig $config,
-
+		private IAppManager $appManager,
-	public function __construct(IConfig $config) {
+		private GlobalScaleConfig $globalScaleConfig,
-		$this->config = $config;
+	) {
 	}
 	public function getAppNamespace($key) {
-		if (strpos($key, 'watermark_') === 0) {
+		if (str_starts_with($key, 'watermark_')) {
 			return self::WATERMARK_APP_NAMESPACE;
 		}
 		return Application::APPNAME;
@ -186,4 +189,57 @@ class AppConfig {
 	public function useSecureViewAdditionalMimes(): bool {
 		return $this->config->getAppValue(Application::APPNAME, self::USE_SECURE_VIEW_ADDITIONAL_MIMES, 'no') === 'yes';
 	}
 	public function getDomainList(): array {
 		$urls = array_merge(
 			[ $this->domainOnly($this->getCollaboraUrlPublic()) ],
 			$this->getFederationDomains(),
 			$this->getGSDomains()
 		);
 		return array_filter($urls);
 	}
 	private function getFederationDomains(): array {
 		if (!$this->appManager->isEnabledForUser('federation')) {
 			return [];
 		}
 		$federationService = \OCP\Server::get(FederationService::class);
 		$trustedNextcloudDomains = array_filter(array_map(function ($server) use ($federationService) {
 			return $federationService->isTrustedRemote($server) ? $server : null;
 		}, $federationService->getTrustedServers()));
 		$trustedCollaboraDomains = array_filter(array_map(function ($server) use ($federationService) {
 			try {
 				return $federationService->getRemoteCollaboraURL($server);
 			} catch (\Exception $e) {
 				// If there is no remote collabora server we can just skip that
 				return null;
 			}
 		}, $trustedNextcloudDomains));
 		return array_map(function ($url) {
 			return $this->domainOnly($url);
 		}, array_merge($trustedNextcloudDomains, $trustedCollaboraDomains));
 	}
 	private function getGSDomains(): array {
 		if (!$this->globalScaleConfig->isGlobalScaleEnabled()) {
 			return [];
 		}
 		return $this->getGlobalScaleTrustedHosts();
 	}
 	/**
 	 * Strips the path and query parameters from the URL.
 	 */
 	private function domainOnly(string $url): string {
 		$parsedUrl = parse_url($url);
 		$scheme = isset($parsedUrl['scheme']) ? $parsedUrl['scheme'] . '://' : '';
 		$host = $parsedUrl['host'] ?? '';
 		$port = isset($parsedUrl['port']) ? ':' . $parsedUrl['port'] : '';
 		return "$scheme$host$port";
 	}
 }
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@ -28,8 +28,9 @@ use OCA\Files_Sharing\Event\ShareLinkAccessedEvent;
 use OCA\Richdocuments\AppConfig;
 use OCA\Richdocuments\Capabilities;
 use OCA\Richdocuments\Db\WopiMapper;
 use OCA\Richdocuments\Listener\AddContentSecurityPolicyListener;
 use OCA\Richdocuments\Listener\AddFeaturePolicyListener;
 use OCA\Richdocuments\Listener\BeforeFetchPreviewListener;
 use OCA\Richdocuments\Listener\CSPListener;
 use OCA\Richdocuments\Listener\FileCreatedFromTemplateListener;
 use OCA\Richdocuments\Listener\LoadViewerListener;
 use OCA\Richdocuments\Listener\ReferenceListener;
@ -60,6 +61,7 @@ use OCP\IL10N;
 use OCP\IPreview;
 use OCP\Preview\BeforePreviewFetchedEvent;
 use OCP\Security\CSP\AddContentSecurityPolicyEvent;
 use OCP\Security\FeaturePolicy\AddFeaturePolicyEvent;
 use OCP\Server;
 class Application extends App implements IBootstrap {
@ -75,7 +77,8 @@ class Application extends App implements IBootstrap {
 		$context->registerCapability(Capabilities::class);
 		$context->registerMiddleWare(WOPIMiddleware::class);
 		$context->registerEventListener(FileCreatedFromTemplateEvent::class, FileCreatedFromTemplateListener::class);
-		$context->registerEventListener(AddContentSecurityPolicyEvent::class, CSPListener::class);
+		$context->registerEventListener(AddContentSecurityPolicyEvent::class, AddContentSecurityPolicyListener::class);
 		$context->registerEventListener(AddFeaturePolicyEvent::class, AddFeaturePolicyListener::class);
 		$context->registerEventListener(LoadViewer::class, LoadViewerListener::class);
 		$context->registerEventListener(ShareLinkAccessedEvent::class, ShareLinkListener::class);
 		$context->registerEventListener(BeforePreviewFetchedEvent::class, BeforeFetchPreviewListener::class);
--- a/lib/Listener/AddContentSecurityPolicyListener.php
+++ b/lib/Listener/AddContentSecurityPolicyListener.php
@ -0,0 +1,69 @@
 <?php
 declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2022 Julius Härtl <jus@bitgrid.net>
 *
 * @author Julius Härtl <jus@bitgrid.net>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
 namespace OCA\Richdocuments\Listener;
 use OCA\Richdocuments\AppConfig;
 use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 use OCP\IRequest;
 use OCP\Security\CSP\AddContentSecurityPolicyEvent;
 /** @template-implements IEventListener<Event|AddContentSecurityPolicyEvent> */
 class AddContentSecurityPolicyListener implements IEventListener {
 	public function __construct(
 		private IRequest $request,
 		private AppConfig $config,
 	) {
 	}
 	public function handle(Event $event): void {
 		if (!$event instanceof AddContentSecurityPolicyEvent) {
 			return;
 		}
 		if (!$this->isPageLoad()) {
 			return;
 		}
 		$policy = new EmptyContentSecurityPolicy();
 		$policy->addAllowedFrameDomain("'self'");
 		$policy->addAllowedFrameDomain("nc:");
 		foreach ($this->config->getDomainList() as $url) {
 			$policy->addAllowedFrameDomain($url);
 			$policy->addAllowedFormActionDomain($url);
 			$policy->addAllowedFrameAncestorDomain($url);
 			$policy->addAllowedImageDomain($url);
 		}
 		$event->addPolicy($policy);
 	}
 	private function isPageLoad(): bool {
 		$scriptNameParts = explode('/', $this->request->getScriptName());
 		return end($scriptNameParts) === 'index.php';
 	}
 }
--- a/lib/Listener/AddFeaturePolicyListener.php
+++ b/lib/Listener/AddFeaturePolicyListener.php
@ -0,0 +1,64 @@
 <?php
 declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2022 Julius Härtl <jus@bitgrid.net>
 *
 * @author Julius Härtl <jus@bitgrid.net>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
 namespace OCA\Richdocuments\Listener;
 use OCA\Richdocuments\AppConfig;
 use OCP\AppFramework\Http\FeaturePolicy;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 use OCP\IRequest;
 use OCP\Security\FeaturePolicy\AddFeaturePolicyEvent;
 /** @template-implements IEventListener<Event|AddFeaturePolicyEvent> */
 class AddFeaturePolicyListener implements IEventListener {
 	public function __construct(
 		private IRequest $request,
 		private AppConfig $config,
 	) {
 	}
 	public function handle(Event $event): void {
 		if (!$event instanceof AddFeaturePolicyEvent) {
 			return;
 		}
 		if (!$this->isPageLoad()) {
 			return;
 		}
 		$policy = new FeaturePolicy();
 		foreach ($this->config->getDomainList() as $url) {
 			$policy->addAllowedFullScreenDomain($url);
 		}
 		$event->addPolicy($policy);
 	}
 	private function isPageLoad(): bool {
 		$scriptNameParts = explode('/', $this->request->getScriptName());
 		return end($scriptNameParts) === 'index.php';
 	}
 }
--- a/lib/Listener/CSPListener.php
+++ b/lib/Listener/CSPListener.php
@ -1,130 +0,0 @@
 <?php
 declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2022 Julius Härtl <jus@bitgrid.net>
 *
 * @author Julius Härtl <jus@bitgrid.net>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
 namespace OCA\Richdocuments\Listener;
 use OCA\Richdocuments\AppConfig;
 use OCA\Richdocuments\Service\FederationService;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 use OCP\GlobalScale\IConfig as GlobalScaleConfig;
 use OCP\IRequest;
 use OCP\Security\CSP\AddContentSecurityPolicyEvent;
 /** @template-implements IEventListener<Event|AddContentSecurityPolicyEvent> */
 class CSPListener implements IEventListener {
 	private IRequest $request;
 	private AppConfig $config;
 	private IAppManager $appManager;
 	private FederationService $federationService;
 	private GlobalScaleConfig $globalScaleConfig;
 	public function __construct(IRequest $request, AppConfig $config, IAppManager $appManager, FederationService $federationService, GlobalScaleConfig $globalScaleConfig) {
 		$this->request = $request;
 		$this->config = $config;
 		$this->appManager = $appManager;
 		$this->federationService = $federationService;
 		$this->globalScaleConfig = $globalScaleConfig;
 	}
 	public function handle(Event $event): void {
 		if (!$event instanceof AddContentSecurityPolicyEvent) {
 			return;
 		}
 		if (!$this->isPageLoad()) {
 			return;
 		}
 		$urls = array_merge(
 			[ $this->domainOnly($this->config->getCollaboraUrlPublic()) ],
 			$this->getFederationDomains(),
 			$this->getGSDomains()
 		);
 		$urls = array_filter($urls);
 		$policy = new EmptyContentSecurityPolicy();
 		$policy->addAllowedFrameDomain("'self'");
 		$policy->addAllowedFrameDomain("nc:");
 		foreach ($urls as $url) {
 			$policy->addAllowedFrameDomain($url);
 			$policy->addAllowedFormActionDomain($url);
 			$policy->addAllowedFrameAncestorDomain($url);
 			$policy->addAllowedImageDomain($url);
 		}
 		$event->addPolicy($policy);
 	}
 	private function isPageLoad(): bool {
 		$scriptNameParts = explode('/', $this->request->getScriptName());
 		return end($scriptNameParts) === 'index.php';
 	}
 	private function getFederationDomains(): array {
 		if (!$this->appManager->isEnabledForUser('federation')) {
 			return [];
 		}
 		$trustedNextcloudDomains = array_filter(array_map(function ($server) {
 			return $this->federationService->isTrustedRemote($server) ? $server : null;
 		}, $this->federationService->getTrustedServers()));
 		$trustedCollaboraDomains = array_filter(array_map(function ($server) {
 			try {
 				return $this->federationService->getRemoteCollaboraURL($server);
 			} catch (\Exception $e) {
 				// If there is no remote collabora server we can just skip that
 				return null;
 			}
 		}, $trustedNextcloudDomains));
 		return array_map(function ($url) {
 			return $this->domainOnly($url);
 		}, array_merge($trustedNextcloudDomains, $trustedCollaboraDomains));
 	}
 	private function getGSDomains(): array {
 		if (!$this->globalScaleConfig->isGlobalScaleEnabled()) {
 			return [];
 		}
 		return $this->config->getGlobalScaleTrustedHosts();
 	}
 	/**
 	 * Strips the path and query parameters from the URL.
 	 */
 	private function domainOnly(string $url): string {
 		$parsedUrl = parse_url($url);
 		$scheme = isset($parsedUrl['scheme']) ? $parsedUrl['scheme'] . '://' : '';
 		$host = $parsedUrl['host'] ?? '';
 		$port = isset($parsedUrl['port']) ? ':' . $parsedUrl['port'] : '';
 		return "$scheme$host$port";
 	}
 }
--- a/tests/OCA/Richdocuments/Listener/AddFeaturePolicyListenerTest.php
+++ b/tests/OCA/Richdocuments/Listener/AddFeaturePolicyListenerTest.php
@ -0,0 +1,84 @@
 <?php
 /**
 * @copyright Copyright (c) 2023 Julius Härtl <jus@bitgrid.net>
 *
 * @author Julius Härtl <jus@bitgrid.net>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 namespace OCA\Richdocuments\Listener;
 use OC\Security\FeaturePolicy\FeaturePolicyManager;
 use OCA\Richdocuments\AppConfig;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IRequest;
 use PHPUnit\Framework\TestCase;
 class AddFeaturePolicyListenerTest extends TestCase {
 	private AddFeaturePolicyListener $featurePolicyListener;
 	public function setUp(): void {
 		$this->request = $this->createMock(IRequest::class);
 		$this->config = $this->createMock(AppConfig::class);
 		parent::setUp();
 		$this->featurePolicyListener = new AddFeaturePolicyListener(
 			$this->request,
 			$this->config,
 		);
 	}
 	public function testEmpty() {
 		$this->expectPageLoad();
 		$this->config->expects(self::any())
 			->method('getDomainList')
 			->willReturn([]);
 		$policy = $this->getMergedPolicy();
 		self::assertEquals(["'self'"], $policy->getFullscreenDomains());
 	}
 	public function testDomains() {
 		$this->expectPageLoad();
 		$this->config->expects(self::any())
 			->method('getDomainList')
 			->willReturn(['https://collabora.local']);
 		$policy = $this->getMergedPolicy();
 		self::assertEquals(["'self'", 'https://collabora.local'], $policy->getFullscreenDomains());
 	}
 	private function getMergedPolicy(): \OC\Security\FeaturePolicy\FeaturePolicy {
 		$eventDispatcher = $this->createMock(IEventDispatcher::class);
 		$eventDispatcher->expects(self::once())
 			->method('dispatchTyped')
 			->willReturnCallback(function ($event) {
 				$this->featurePolicyListener->handle($event);
 			});
 		$manager = new FeaturePolicyManager($eventDispatcher);
 		return $manager->getDefaultPolicy();
 	}
 	private function expectPageLoad(): void {
 		$this->request->expects(self::once())
 			->method('getScriptName')
 			->willReturn('index.php');
 	}
 }
--- a/tests/lib/AppConfigTest.php
+++ b/tests/lib/AppConfigTest.php
@ -24,6 +24,7 @@
 namespace Tests\Richdocuments;
 use OCA\Richdocuments\AppConfig;
 use OCP\App\IAppManager;
 use OCP\IConfig;
 use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;
@ -33,11 +34,13 @@ class AppConfigTest extends TestCase {
 	private $config;
 	/** @var AppConfig */
 	private $appConfig;
-	
+
 	public function setUp(): void {
 		parent::setUp();
 		$this->config = $this->createMock(IConfig::class);
-		$this->appConfig = new AppConfig($this->config);
+		$this->appManager = $this->createMock(IAppManager::class);
 		$this->appConfig = new AppConfig($this->config, $this->appManager, $this->createMock(\OCP\GlobalScale\IConfig::class));
 	}
 	public function testGetAppValueArrayWithValues() {
--- a/tests/lib/Listener/AddContentSecurityPolicyListenerTest.php
+++ b/tests/lib/Listener/AddContentSecurityPolicyListenerTest.php
@ -26,19 +26,23 @@ declare(strict_types=1);
 use OC\Security\CSP\ContentSecurityPolicyManager;
 use OCA\Richdocuments\AppConfig;
-use OCA\Richdocuments\Listener\CSPListener;
+use OCA\Richdocuments\Listener\AddContentSecurityPolicyListener;
 use OCA\Richdocuments\Service\FederationService;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\GlobalScale\IConfig as GlobalScaleConfig;
 use OCP\IConfig;
 use OCP\IRequest;
 use OCP\Security\CSP\AddContentSecurityPolicyEvent;
 use PHPUnit\Framework\MockObject\MockObject;
-use PHPUnit\Framework\TestCase;
+use Test\TestCase;
-class CSPListenerTest extends TestCase {
+/**
 * @group DB
 */
 class AddContentSecurityPolicyListenerTest extends TestCase {
 	/** @var IRequest|MockObject */
 	private $request;
 	/** @var AppConfig|MockObject */
@ -49,23 +53,31 @@ class CSPListenerTest extends TestCase {
 	private $gsConfig;
 	/** @var FederationService|MockObject */
 	private $federationService;
-	private CSPListener $listener;
+	private AddContentSecurityPolicyListener $listener;
 	public function setUp(): void {
 		parent::setUp();
 		$this->request = $this->createMock(IRequest::class);
 		$this->config = $this->createMock(AppConfig::class);
 		$this->appManager = $this->createMock(IAppManager::class);
 		$this->gsConfig = $this->createMock(GlobalScaleConfig::class);
 		$this->federationService = $this->createMock(FederationService::class);
-		$this->listener = new CSPListener(
+		$this->overwriteService(FederationService::class, $this->federationService);
 		$this->request = $this->createMock(IRequest::class);
 		$this->config = $this->getMockBuilder(AppConfig::class)
 			->setConstructorArgs([
 				$this->createMock(IConfig::class),
 				$this->appManager,
 				$this->gsConfig,
 			])
 			->onlyMethods(['getCollaboraUrlPublic', 'getGlobalScaleTrustedHosts'])
 			->getMock();
 		$this->listener = new AddContentSecurityPolicyListener(
 			$this->request,
 			$this->config,
 			$this->appManager,
 			$this->federationService,
 			$this->gsConfig
 		);
 	}