From b6255d91c31e873b764b0c74e1a127225f5daebd Mon Sep 17 00:00:00 2001
From: Jean-Philippe Pialasse <jpp@koozali.org>
Date: Fri, 3 Jan 2025 14:48:56 -0500
Subject: [PATCH] * Fri Jan 03 2025 Jean-Philippe Pialasse <jpp@koozali.org>
 1.6-5.sme - set more relaxed CSP for roundcube [SME: 12861]

---
 .../conf/httpd.conf/VirtualHosts/30RoundcubeWebmailAliases  | 6 ++++++
 smeserver-roundcube.spec                                    | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30RoundcubeWebmailAliases b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30RoundcubeWebmailAliases
index c94845f..82e340c 100644
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30RoundcubeWebmailAliases
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30RoundcubeWebmailAliases
@@ -23,6 +23,12 @@
         } else {
             $OUT .= "    Alias       /$place   $dirs{$place}\n";
         }
+
+        $OUT .= "    <Location '/$place'>\n";
+        # strict CSP not yet supported see https://github.com/roundcube/roundcubemail/issues/6202 and few others
+        $OUT .= "       Header set Content-Security-Policy \"default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src 'self'; connect-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self';\"\n";
+        $OUT .= "    </Location>\n";
+
     }
 }
 
diff --git a/smeserver-roundcube.spec b/smeserver-roundcube.spec
index d778bc5..39afc9d 100644
--- a/smeserver-roundcube.spec
+++ b/smeserver-roundcube.spec
@@ -1,6 +1,6 @@
 %define name smeserver-roundcube
 %define version 1.6
-%define release 4
+%define release 5
 
 Summary: smserver rpm to setup roundcube, an IMAP mail client
 Name: %{name}
@@ -85,6 +85,9 @@ fi
 %attr(755,root,root) /usr/bin/rcplugin_update.sh
 
 %changelog
+* Fri Jan 03 2025 Jean-Philippe Pialasse <jpp@koozali.org> 1.6-5.sme
+- set more relaxed CSP for roundcube [SME: 12861]
+
 * Sat Dec 14 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.6-4.sme
 - fix roundcube not working on initial install [SME: 12812]