diff --git a/src/apps.js b/src/apps.js index 90fe4f198..08c88c427 100644 --- a/src/apps.js +++ b/src/apps.js @@ -442,7 +442,8 @@ function install(data, auditSource, callback) { key = data.key || null, memoryLimit = data.memoryLimit || 0, altDomain = data.altDomain || null, - xFrameOptions = data.xFrameOptions || 'SAMEORIGIN'; + xFrameOptions = data.xFrameOptions || 'SAMEORIGIN', + oauthProxy = data.oauthProxy === true; assert(data.appStoreId || data.manifest); // atleast one of them is required @@ -498,7 +499,8 @@ function install(data, auditSource, callback) { accessRestriction: accessRestriction, memoryLimit: memoryLimit, altDomain: altDomain, - xFrameOptions: xFrameOptions + xFrameOptions: xFrameOptions, + oauthProxy: oauthProxy }; appdb.add(appId, appStoreId, manifest, location, portBindings, data, function (error) { diff --git a/src/routes/apps.js b/src/routes/apps.js index 762cc3ecc..a867509de 100644 --- a/src/routes/apps.js +++ b/src/routes/apps.js @@ -124,6 +124,8 @@ function installApp(req, res, next) { if (data.xFrameOptions && typeof data.xFrameOptions !== 'string') return next(new HttpError(400, 'xFrameOptions must be a string')); + if ('oauthProxy' in data && typeof data.oauthProxy !== 'boolean') return next(new HttpError(400, 'oauthProxy must be a boolean')); + debug('Installing app :%j', data); apps.install(data, auditSource(req), function (error, app) { @@ -161,6 +163,8 @@ function configureApp(req, res, next) { if (data.altDomain && typeof data.altDomain !== 'string') return next(new HttpError(400, 'altDomain must be a string')); if (data.xFrameOptions && typeof data.xFrameOptions !== 'string') return next(new HttpError(400, 'xFrameOptions must be a string')); + if ('oauthProxy' in data && typeof data.oauthProxy !== 'boolean') return next(new HttpError(400, 'oauthProxy must be a boolean')); + debug('Configuring app id:%s data:%j', req.params.id, data); apps.configure(req.params.id, data, auditSource(req), function (error) {