From bcc8c5340126861a0c288c69bae52cb37141998b Mon Sep 17 00:00:00 2001
From: Anna Larch <anna@nextcloud.com>
Date: Thu, 16 Apr 2026 19:37:44 +0200
Subject: [PATCH] fix: Update CSP API calls for Nextcloud 31 compatibility

Replace removed allowEvalScript() with addAllowedScriptDomain() and
use $_['cspNonce'] instead of removed getContentSecurityPolicyNonceManager().

AI-Assisted-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Anna Larch <anna@nextcloud.com>
---
 lib/Controller/DisplayController.php | 2 +-
 templates/viewer.php                 | 6 +-----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/Controller/DisplayController.php b/lib/Controller/DisplayController.php
index ad1fa4f..a8f5141 100644
--- a/lib/Controller/DisplayController.php
+++ b/lib/Controller/DisplayController.php
@@ -57,7 +57,7 @@ public function showMindmapViewer(): TemplateResponse {
         $policy->addAllowedFontDomain('data:');
         $policy->addAllowedImageDomain('*');
         $policy->addAllowedConnectDomain('data:');
-        $policy->allowEvalScript(true);
+        $policy->addAllowedScriptDomain('\'unsafe-eval\'');
         $response->setContentSecurityPolicy($policy);
 
         return $response;
diff --git a/templates/viewer.php b/templates/viewer.php
index 510b738..9192df3 100644
--- a/templates/viewer.php
+++ b/templates/viewer.php
@@ -5,11 +5,7 @@
     $urlGenerator = \OC::$server->get(IURLGenerator::class);
     $version = \OC::$server[IAppManager::class]->getAppVersion('files_mindmap');
     $lang = $_['lang'];
-    if (method_exists(\OC::$server, 'getContentSecurityPolicyNonceManager')) {
-        $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce();
-    } else {
-        $nonce = '';
-    }
+    $nonce = $_['cspNonce'] ?? '';
 ?>
 <!DOCTYPE html>
 <html>