From a6eb3a915cd8d7c553148e983babec9458109138 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Tue, 21 Nov 2023 15:26:17 +0000
Subject: [PATCH 1/3] hack to get this up and working
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I6d3d273f59f58a0c3b2027039dcc7de95ad971b9
---
 browser/src/main.js | 11 ++++++++---
 wasm/wasmapp.cpp    | 24 +++++++++++-------------
 wsd/FileServer.cpp  |  2 ++
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/browser/src/main.js b/browser/src/main.js
index 8b7eed52b7834..f94e3f91ee3e7 100644
--- a/browser/src/main.js
+++ b/browser/src/main.js
@@ -1,6 +1,6 @@
 /* -*- js-indent-level: 8 -*- */
 /* global errorMessages getParameterByName accessToken accessTokenTTL accessHeader createOnlineModule */
-/* global app L host idleTimeoutSecs outOfFocusTimeoutSecs _ */
+/* global app $ L host idleTimeoutSecs outOfFocusTimeoutSecs _ */
 /*eslint indent: [error, "tab", { "outerIIFEBody": 0 }]*/
 (function (global) {
 
@@ -81,6 +81,11 @@ app.map = map;
 app.idleHandler.map = map;
 
 if (window.ThisIsTheEmscriptenApp) {
+	var docParamsString = $.param(docParams);
+	// The URL may already contain a query (e.g., 'http://server.tld/foo/wopi/files/bar?desktop=baz') - then just append more params
+	var docParamsPart = docParamsString ? (docURL.includes('?') ? '&' : '?') + docParamsString : '';
+	var encodedWOPI = encodeURIComponent(docURL + docParamsPart);
+
 	var Module = {
 		onRuntimeInitialized: function() {
 			map.loadDocument(global.socket);
@@ -93,8 +98,8 @@ if (window.ThisIsTheEmscriptenApp) {
 			if (arguments.length > 1) text = Array.prototype.slice.call(arguments).join(' ');
 			console.error(text);
 		},
-		arguments_: [docURL],
-		arguments: [docURL],
+		arguments_: [docURL, encodedWOPI, isWopi ? 'true' : 'false'],
+		arguments: [docURL, encodedWOPI, isWopi ? 'true' : 'false'],
 	};
 	createOnlineModule(Module);
 	app.HandleCOOLMessage = Module['_handle_cool_message'];
diff --git a/wasm/wasmapp.cpp b/wasm/wasmapp.cpp
index 1a3d768abee13..49185d144517c 100644
--- a/wasm/wasmapp.cpp
+++ b/wasm/wasmapp.cpp
@@ -251,19 +251,17 @@ int main(int argc, char* argv_main[])
     std::thread(
         [&]
         {
-            // const std::string url = "/wasm/" + std::string(argv_main[1]);
-            // const std::string url =
-            //     "/wasm/"
-            //     "https%3A%2F%2Flocalhost%2Fnextcloud%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%"
-            //     "2Ffiles%2F8725_ocqiesh0cngs%3Faccess_token%3Daz5tjYv83wvhtpVbhuFXrTkss6gB1GDZ%"
-            //     "26access_token_ttl%3D0";
-
-            //DOCX
-            const std::string url =
-                "/wasm/"
-                "https%3A%2F%2Flocalhost%2Fnextcloud%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%"
-                "2Ffiles%2F8991_ocqiesh0cngs%3Faccess_token%3Dz4N7CViCj1pps28EVlG4dmxEMe62P7yo%"
-                "26access_token_ttl%3D0";
+            const std::string docURL = std::string(argv_main[1]);
+            const std::string encodedWOPI = std::string(argv_main[2]);
+            const std::string isWOPI = std::string(argv_main[3]);
+
+            std::string url;
+            if (isWOPI == "true")
+                url = "/wasm/" + encodedWOPI;
+            else
+                url = docURL + "/contents";
+
+            printf("isWOPI is %s: Fetching from url %s\n", isWOPI.c_str(), url.c_str());
 
             emscripten_fetch_attr_t attr;
             emscripten_fetch_attr_init(&attr);
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index f740f5f3742c2..3eecdd578c5b1 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -660,6 +660,7 @@ void FileServerRequestHandler::handleRequest(const HTTPRequest& request,
             {
                 response.add("Cross-Origin-Opener-Policy", "same-origin");
                 response.add("Cross-Origin-Embedder-Policy", "require-corp");
+                response.add("Cross-Origin-Resource-Policy", "cross-origin");
             }
 
             const bool brotli = request.hasToken("Accept-Encoding", "br");
@@ -1257,6 +1258,7 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request,
         LOG_ASSERT(COOLWSD::WASMState != COOLWSD::WASMActivationState::Disabled);
         oss << "Cross-Origin-Opener-Policy: same-origin\r\n";
         oss << "Cross-Origin-Embedder-Policy: require-corp\r\n";
+        oss << "Cross-Origin-Resource-Policy: cross-origin\r\n";
 
         csp.appendDirective("script-src", "'unsafe-eval'");
     }

From cbfe027f126405abc5b7dccf32fbc6e1962f7467 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Tue, 21 Nov 2023 15:38:08 +0000
Subject: [PATCH 2/3] we want %ACCESS_TOKEN%, etc to exist for wasm
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I58f187c28c158e80fbe97290bb802b3481a44de9
---
 browser/html/cool.html.m4 | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/browser/html/cool.html.m4 b/browser/html/cool.html.m4
index d51d3970e272b..153a10c5cae58 100644
--- a/browser/html/cool.html.m4
+++ b/browser/html/cool.html.m4
@@ -334,9 +334,14 @@ m4_ifelse(MOBILEAPP,[true],
       // would expand the %FOO% things. But it seems that window.versionPath is not used in the
       // mobile apps anyway.
       // window.versionPath = 'UNKNOWN';
-      window.accessToken = '';
-      window.accessTokenTTL = '';
-      window.accessHeader = '';
+      m4_ifelse(EMSCRIPTENAPP,[true],
+              [window.accessToken = '%ACCESS_TOKEN%';
+              window.accessTokenTTL = '%ACCESS_TOKEN_TTL%';
+              window.accessHeader = '%ACCESS_HEADER%';],
+              [window.accessToken = '';
+              window.accessTokenTTL = '';
+              window.accessHeader = '';]
+      )
       window.postMessageOriginExt = '';
       window.coolLogging = 'true';
       window.enableWelcomeMessage = false;

From f648d4d890bdd0a68797c40ff8b1215a53ffeea2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Tue, 21 Nov 2023 21:02:11 +0000
Subject: [PATCH 3/3] need this even if we want to not serve wasm if the
 headers exist in richdocuments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I310894e5a72002406eff77b07af76c2b048ffacc
---
 wsd/FileServer.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index 3eecdd578c5b1..dc1fcd40d70be 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -1252,14 +1252,19 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request,
         "X-XSS-Protection: 1; mode=block\r\n"
         "Referrer-Policy: no-referrer\r\n";
 
+    // if we have richdocuments with:
+    // addHeader('Cross-Origin-Opener-Policy', 'same-origin');
+    // addHeader('Cross-Origin-Embedder-Policy', 'require-corp');
+    // then we seem to have to have this to avoid
+    // NS_ERROR_DOM_CORP_FAILED
+    oss << "Cross-Origin-Opener-Policy: same-origin\r\n";
+    oss << "Cross-Origin-Embedder-Policy: require-corp\r\n";
+    oss << "Cross-Origin-Resource-Policy: cross-origin\r\n";
+
     const bool wasm = (relPath.find("wasm") != std::string::npos);
     if (wasm)
     {
         LOG_ASSERT(COOLWSD::WASMState != COOLWSD::WASMActivationState::Disabled);
-        oss << "Cross-Origin-Opener-Policy: same-origin\r\n";
-        oss << "Cross-Origin-Embedder-Policy: require-corp\r\n";
-        oss << "Cross-Origin-Resource-Policy: cross-origin\r\n";
-
         csp.appendDirective("script-src", "'unsafe-eval'");
     }