Merge pull request #4091 from nextcloud/Rudloff-manifest
Web app manifest for adding to Android home screen
This commit is contained in:
Morris Jobke
GitHub
commit
05f2596311
|
|
@ -14,7 +14,7 @@ Feature: sharing
|
||||||
Then the OCS status code should be "100"
|
Then the OCS status code should be "100"
|
||||||
And the HTTP status code should be "200"
|
And the HTTP status code should be "200"
|
||||||
And The following headers should be set
|
And The following headers should be set
|
||||||
| Content-Security-Policy | default-src 'none';base-uri 'none' |
|
| Content-Security-Policy | default-src 'none';base-uri 'none';manifest-src 'self' |
|
||||||
|
|
||||||
Scenario: Creating a share with a group
|
Scenario: Creating a share with a group
|
||||||
Given user "user0" exists
|
Given user "user0" exists
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "Nextcloud",
|
||||||
|
"start_url": "../../",
|
||||||
|
"icons": [{
|
||||||
|
"src": "favicon-touch.png",
|
||||||
|
"type": "image/png",
|
||||||
|
"sizes": "128x128"
|
||||||
|
}, {
|
||||||
|
"src": "favicon-mask.svg",
|
||||||
|
"type": "image/svg+xml",
|
||||||
|
"sizes": "16x16"
|
||||||
|
}],
|
||||||
|
"display": "standalone"
|
||||||
|
}
|
||||||
|
|
@ -20,6 +20,7 @@
|
||||||
<link rel="icon" href="<?php print_unescaped(image_path($_['appid'], 'favicon.ico')); /* IE11+ supports png */ ?>">
|
<link rel="icon" href="<?php print_unescaped(image_path($_['appid'], 'favicon.ico')); /* IE11+ supports png */ ?>">
|
||||||
<link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
|
<link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
|
||||||
<link rel="mask-icon" sizes="any" href="<?php print_unescaped(image_path($_['appid'], 'favicon-mask.svg')); ?>" color="<?php p($theme->getMailHeaderColor()); ?>">
|
<link rel="mask-icon" sizes="any" href="<?php print_unescaped(image_path($_['appid'], 'favicon-mask.svg')); ?>" color="<?php p($theme->getMailHeaderColor()); ?>">
|
||||||
|
<link rel="manifest" href="<?php print_unescaped(image_path($_['appid'], 'manifest.json')); ?>">
|
||||||
<?php if (isset($_['inline_ocjs'])): ?>
|
<?php if (isset($_['inline_ocjs'])): ?>
|
||||||
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
|
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
|
||||||
<?php print_unescaped($_['inline_ocjs']); ?>
|
<?php print_unescaped($_['inline_ocjs']); ?>
|
||||||
|
|
|
||||||
|
|
@ -336,6 +336,7 @@ class EmptyContentSecurityPolicy {
|
||||||
public function buildPolicy() {
|
public function buildPolicy() {
|
||||||
$policy = "default-src 'none';";
|
$policy = "default-src 'none';";
|
||||||
$policy .= "base-uri 'none';";
|
$policy .= "base-uri 'none';";
|
||||||
|
$policy .= "manifest-src 'self';";
|
||||||
|
|
||||||
if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
|
if(!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
|
||||||
$policy .= 'script-src ';
|
$policy .= 'script-src ';
|
||||||
|
|
|
||||||
|
|
@ -184,7 +184,7 @@ class ControllerTest extends \Test\TestCase {
|
||||||
'test' => 'something',
|
'test' => 'something',
|
||||||
'Cache-Control' => 'no-cache, no-store, must-revalidate',
|
'Cache-Control' => 'no-cache, no-store, must-revalidate',
|
||||||
'Content-Type' => 'application/json; charset=utf-8',
|
'Content-Type' => 'application/json; charset=utf-8',
|
||||||
'Content-Security-Policy' => "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'",
|
'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'",
|
||||||
];
|
];
|
||||||
|
|
||||||
$response = $this->controller->customDataResponse(array('hi'));
|
$response = $this->controller->customDataResponse(array('hi'));
|
||||||
|
|
|
||||||
|
|
@ -28,19 +28,19 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDefault() {
|
public function testGetPolicyDefault() {
|
||||||
$defaultPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$defaultPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
$this->assertSame($defaultPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($defaultPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptDomainValid() {
|
public function testGetPolicyScriptDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' www.owncloud.com 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptDomainValidMultiple() {
|
public function testGetPolicyScriptDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' www.owncloud.com www.owncloud.org 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com www.owncloud.org 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.org');
|
||||||
|
|
@ -48,7 +48,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowScriptDomain() {
|
public function testGetPolicyDisallowScriptDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.com');
|
||||||
|
|
@ -56,7 +56,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowScriptDomainMultiple() {
|
public function testGetPolicyDisallowScriptDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' www.owncloud.com 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org');
|
||||||
|
|
@ -64,7 +64,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowScriptDomainMultipleStacked() {
|
public function testGetPolicyDisallowScriptDomainMultipleStacked() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org')->disallowScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org')->disallowScriptDomain('www.owncloud.com');
|
||||||
|
|
@ -72,14 +72,14 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptAllowInline() {
|
public function testGetPolicyScriptAllowInline() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->allowInlineScript(true);
|
$this->contentSecurityPolicy->allowInlineScript(true);
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptAllowInlineWithDomain() {
|
public function testGetPolicyScriptAllowInlineWithDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' www.owncloud.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->allowInlineScript(true);
|
$this->contentSecurityPolicy->allowInlineScript(true);
|
||||||
|
|
@ -87,7 +87,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptDisallowInlineAndEval() {
|
public function testGetPolicyScriptDisallowInlineAndEval() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->allowInlineScript(false);
|
$this->contentSecurityPolicy->allowInlineScript(false);
|
||||||
$this->contentSecurityPolicy->allowEvalScript(false);
|
$this->contentSecurityPolicy->allowEvalScript(false);
|
||||||
|
|
@ -95,14 +95,14 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleDomainValid() {
|
public function testGetPolicyStyleDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleDomainValidMultiple() {
|
public function testGetPolicyStyleDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com www.owncloud.org 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com www.owncloud.org 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.org');
|
||||||
|
|
@ -110,7 +110,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowStyleDomain() {
|
public function testGetPolicyDisallowStyleDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.com');
|
||||||
|
|
@ -118,7 +118,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowStyleDomainMultiple() {
|
public function testGetPolicyDisallowStyleDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org');
|
||||||
|
|
@ -126,7 +126,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowStyleDomainMultipleStacked() {
|
public function testGetPolicyDisallowStyleDomainMultipleStacked() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org')->disallowStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org')->disallowStyleDomain('www.owncloud.com');
|
||||||
|
|
@ -134,35 +134,35 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleAllowInline() {
|
public function testGetPolicyStyleAllowInline() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->allowInlineStyle(true);
|
$this->contentSecurityPolicy->allowInlineStyle(true);
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleAllowInlineWithDomain() {
|
public function testGetPolicyStyleAllowInlineWithDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' www.owncloud.com 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleDisallowInline() {
|
public function testGetPolicyStyleDisallowInline() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->allowInlineStyle(false);
|
$this->contentSecurityPolicy->allowInlineStyle(false);
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyImageDomainValid() {
|
public function testGetPolicyImageDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyImageDomainValidMultiple() {
|
public function testGetPolicyImageDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com www.owncloud.org;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com www.owncloud.org;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.org');
|
||||||
|
|
@ -170,7 +170,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowImageDomain() {
|
public function testGetPolicyDisallowImageDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.com');
|
||||||
|
|
@ -178,7 +178,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowImageDomainMultiple() {
|
public function testGetPolicyDisallowImageDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: www.owncloud.com;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org');
|
||||||
|
|
@ -186,7 +186,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowImageDomainMultipleStakes() {
|
public function testGetPolicyDisallowImageDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org')->disallowImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org')->disallowImageDomain('www.owncloud.com');
|
||||||
|
|
@ -194,14 +194,14 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyFontDomainValid() {
|
public function testGetPolicyFontDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' www.owncloud.com;connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' www.owncloud.com;connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyFontDomainValidMultiple() {
|
public function testGetPolicyFontDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' www.owncloud.com www.owncloud.org;connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' www.owncloud.com www.owncloud.org;connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.org');
|
||||||
|
|
@ -209,7 +209,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFontDomain() {
|
public function testGetPolicyDisallowFontDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.com');
|
||||||
|
|
@ -217,7 +217,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFontDomainMultiple() {
|
public function testGetPolicyDisallowFontDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' www.owncloud.com;connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' www.owncloud.com;connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org');
|
||||||
|
|
@ -225,7 +225,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFontDomainMultipleStakes() {
|
public function testGetPolicyDisallowFontDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org')->disallowFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org')->disallowFontDomain('www.owncloud.com');
|
||||||
|
|
@ -233,14 +233,14 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyConnectDomainValid() {
|
public function testGetPolicyConnectDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self' www.owncloud.com;media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self' www.owncloud.com;media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyConnectDomainValidMultiple() {
|
public function testGetPolicyConnectDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self' www.owncloud.com www.owncloud.org;media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self' www.owncloud.com www.owncloud.org;media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.org');
|
||||||
|
|
@ -248,7 +248,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowConnectDomain() {
|
public function testGetPolicyDisallowConnectDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.com');
|
||||||
|
|
@ -256,7 +256,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowConnectDomainMultiple() {
|
public function testGetPolicyDisallowConnectDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self' www.owncloud.com;media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self' www.owncloud.com;media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org');
|
||||||
|
|
@ -264,7 +264,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowConnectDomainMultipleStakes() {
|
public function testGetPolicyDisallowConnectDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org')->disallowConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org')->disallowConnectDomain('www.owncloud.com');
|
||||||
|
|
@ -272,14 +272,14 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyMediaDomainValid() {
|
public function testGetPolicyMediaDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyMediaDomainValidMultiple() {
|
public function testGetPolicyMediaDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.org');
|
||||||
|
|
@ -287,7 +287,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowMediaDomain() {
|
public function testGetPolicyDisallowMediaDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.com');
|
||||||
|
|
@ -295,7 +295,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowMediaDomainMultiple() {
|
public function testGetPolicyDisallowMediaDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org');
|
||||||
|
|
@ -303,7 +303,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowMediaDomainMultipleStakes() {
|
public function testGetPolicyDisallowMediaDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org')->disallowMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org')->disallowMediaDomain('www.owncloud.com');
|
||||||
|
|
@ -311,14 +311,14 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyObjectDomainValid() {
|
public function testGetPolicyObjectDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';object-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';object-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyObjectDomainValidMultiple() {
|
public function testGetPolicyObjectDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';object-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';object-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.org');
|
||||||
|
|
@ -326,7 +326,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowObjectDomain() {
|
public function testGetPolicyDisallowObjectDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.com');
|
||||||
|
|
@ -334,7 +334,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowObjectDomainMultiple() {
|
public function testGetPolicyDisallowObjectDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';object-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';object-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org');
|
||||||
|
|
@ -342,7 +342,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowObjectDomainMultipleStakes() {
|
public function testGetPolicyDisallowObjectDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org')->disallowObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org')->disallowObjectDomain('www.owncloud.com');
|
||||||
|
|
@ -350,14 +350,14 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetAllowedFrameDomain() {
|
public function testGetAllowedFrameDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyFrameDomainValidMultiple() {
|
public function testGetPolicyFrameDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.org');
|
||||||
|
|
@ -365,7 +365,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFrameDomain() {
|
public function testGetPolicyDisallowFrameDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.com');
|
||||||
|
|
@ -373,7 +373,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFrameDomainMultiple() {
|
public function testGetPolicyDisallowFrameDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org');
|
||||||
|
|
@ -381,7 +381,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFrameDomainMultipleStakes() {
|
public function testGetPolicyDisallowFrameDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org')->disallowFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org')->disallowFrameDomain('www.owncloud.com');
|
||||||
|
|
@ -389,14 +389,14 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetAllowedChildSrcDomain() {
|
public function testGetAllowedChildSrcDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';child-src child.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';child-src child.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyChildSrcValidMultiple() {
|
public function testGetPolicyChildSrcValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';child-src child.owncloud.com child.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';child-src child.owncloud.com child.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.org');
|
||||||
|
|
@ -404,7 +404,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowChildSrcDomain() {
|
public function testGetPolicyDisallowChildSrcDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.com');
|
||||||
|
|
@ -412,7 +412,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowChildSrcDomainMultiple() {
|
public function testGetPolicyDisallowChildSrcDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';child-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';child-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org');
|
||||||
|
|
@ -420,7 +420,7 @@ class ContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowChildSrcDomainMultipleStakes() {
|
public function testGetPolicyDisallowChildSrcDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
|
||||||
|
|
|
||||||
|
|
@ -68,7 +68,7 @@ class DataResponseTest extends \Test\TestCase {
|
||||||
|
|
||||||
$expectedHeaders = [
|
$expectedHeaders = [
|
||||||
'Cache-Control' => 'no-cache, no-store, must-revalidate',
|
'Cache-Control' => 'no-cache, no-store, must-revalidate',
|
||||||
'Content-Security-Policy' => "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'",
|
'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'",
|
||||||
];
|
];
|
||||||
$expectedHeaders = array_merge($expectedHeaders, $headers);
|
$expectedHeaders = array_merge($expectedHeaders, $headers);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,19 +28,19 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDefault() {
|
public function testGetPolicyDefault() {
|
||||||
$defaultPolicy = "default-src 'none';base-uri 'none'";
|
$defaultPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
$this->assertSame($defaultPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($defaultPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptDomainValid() {
|
public function testGetPolicyScriptDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptDomainValidMultiple() {
|
public function testGetPolicyScriptDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.org');
|
||||||
|
|
@ -48,7 +48,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowScriptDomain() {
|
public function testGetPolicyDisallowScriptDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.com');
|
||||||
|
|
@ -56,7 +56,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowScriptDomainMultiple() {
|
public function testGetPolicyDisallowScriptDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org');
|
||||||
|
|
@ -64,7 +64,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowScriptDomainMultipleStacked() {
|
public function testGetPolicyDisallowScriptDomainMultipleStacked() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org')->disallowScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowScriptDomain('www.owncloud.org')->disallowScriptDomain('www.owncloud.com');
|
||||||
|
|
@ -72,14 +72,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptAllowInline() {
|
public function testGetPolicyScriptAllowInline() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'unsafe-inline'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-inline'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->allowInlineScript(true);
|
$this->contentSecurityPolicy->allowInlineScript(true);
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptAllowInlineWithDomain() {
|
public function testGetPolicyScriptAllowInlineWithDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src www.owncloud.com 'unsafe-inline'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src www.owncloud.com 'unsafe-inline'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->allowInlineScript(true);
|
$this->contentSecurityPolicy->allowInlineScript(true);
|
||||||
|
|
@ -87,7 +87,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyScriptAllowInlineAndEval() {
|
public function testGetPolicyScriptAllowInlineAndEval() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'unsafe-inline' 'unsafe-eval'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-inline' 'unsafe-eval'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->allowInlineScript(true);
|
$this->contentSecurityPolicy->allowInlineScript(true);
|
||||||
$this->contentSecurityPolicy->allowEvalScript(true);
|
$this->contentSecurityPolicy->allowEvalScript(true);
|
||||||
|
|
@ -95,14 +95,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleDomainValid() {
|
public function testGetPolicyStyleDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';style-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleDomainValidMultiple() {
|
public function testGetPolicyStyleDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';style-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.org');
|
||||||
|
|
@ -110,7 +110,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowStyleDomain() {
|
public function testGetPolicyDisallowStyleDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.com');
|
||||||
|
|
@ -118,7 +118,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowStyleDomainMultiple() {
|
public function testGetPolicyDisallowStyleDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';style-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org');
|
||||||
|
|
@ -126,7 +126,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowStyleDomainMultipleStacked() {
|
public function testGetPolicyDisallowStyleDomainMultipleStacked() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org')->disallowStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowStyleDomain('www.owncloud.org')->disallowStyleDomain('www.owncloud.com');
|
||||||
|
|
@ -134,14 +134,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleAllowInline() {
|
public function testGetPolicyStyleAllowInline() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';style-src 'unsafe-inline'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src 'unsafe-inline'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->allowInlineStyle(true);
|
$this->contentSecurityPolicy->allowInlineStyle(true);
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleAllowInlineWithDomain() {
|
public function testGetPolicyStyleAllowInlineWithDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';style-src www.owncloud.com 'unsafe-inline'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';style-src www.owncloud.com 'unsafe-inline'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedStyleDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->allowInlineStyle(true);
|
$this->contentSecurityPolicy->allowInlineStyle(true);
|
||||||
|
|
@ -149,21 +149,21 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyStyleDisallowInline() {
|
public function testGetPolicyStyleDisallowInline() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->allowInlineStyle(false);
|
$this->contentSecurityPolicy->allowInlineStyle(false);
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyImageDomainValid() {
|
public function testGetPolicyImageDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';img-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyImageDomainValidMultiple() {
|
public function testGetPolicyImageDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';img-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.org');
|
||||||
|
|
@ -171,7 +171,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowImageDomain() {
|
public function testGetPolicyDisallowImageDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.com');
|
||||||
|
|
@ -179,7 +179,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowImageDomainMultiple() {
|
public function testGetPolicyDisallowImageDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';img-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';img-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org');
|
||||||
|
|
@ -187,7 +187,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowImageDomainMultipleStakes() {
|
public function testGetPolicyDisallowImageDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedImageDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org')->disallowImageDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowImageDomain('www.owncloud.org')->disallowImageDomain('www.owncloud.com');
|
||||||
|
|
@ -195,14 +195,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyFontDomainValid() {
|
public function testGetPolicyFontDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';font-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyFontDomainValidMultiple() {
|
public function testGetPolicyFontDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';font-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.org');
|
||||||
|
|
@ -210,7 +210,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFontDomain() {
|
public function testGetPolicyDisallowFontDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.com');
|
||||||
|
|
@ -218,7 +218,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFontDomainMultiple() {
|
public function testGetPolicyDisallowFontDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';font-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';font-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org');
|
||||||
|
|
@ -226,7 +226,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFontDomainMultipleStakes() {
|
public function testGetPolicyDisallowFontDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFontDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org')->disallowFontDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowFontDomain('www.owncloud.org')->disallowFontDomain('www.owncloud.com');
|
||||||
|
|
@ -234,14 +234,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyConnectDomainValid() {
|
public function testGetPolicyConnectDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';connect-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyConnectDomainValidMultiple() {
|
public function testGetPolicyConnectDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';connect-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.org');
|
||||||
|
|
@ -249,7 +249,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowConnectDomain() {
|
public function testGetPolicyDisallowConnectDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.com');
|
||||||
|
|
@ -257,7 +257,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowConnectDomainMultiple() {
|
public function testGetPolicyDisallowConnectDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';connect-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';connect-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org');
|
||||||
|
|
@ -265,7 +265,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowConnectDomainMultipleStakes() {
|
public function testGetPolicyDisallowConnectDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedConnectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org')->disallowConnectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowConnectDomain('www.owncloud.org')->disallowConnectDomain('www.owncloud.com');
|
||||||
|
|
@ -273,14 +273,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyMediaDomainValid() {
|
public function testGetPolicyMediaDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';media-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyMediaDomainValidMultiple() {
|
public function testGetPolicyMediaDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';media-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.org');
|
||||||
|
|
@ -288,7 +288,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowMediaDomain() {
|
public function testGetPolicyDisallowMediaDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.com');
|
||||||
|
|
@ -296,7 +296,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowMediaDomainMultiple() {
|
public function testGetPolicyDisallowMediaDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';media-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';media-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org');
|
||||||
|
|
@ -304,7 +304,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowMediaDomainMultipleStakes() {
|
public function testGetPolicyDisallowMediaDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedMediaDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org')->disallowMediaDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowMediaDomain('www.owncloud.org')->disallowMediaDomain('www.owncloud.com');
|
||||||
|
|
@ -312,14 +312,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyObjectDomainValid() {
|
public function testGetPolicyObjectDomainValid() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';object-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyObjectDomainValidMultiple() {
|
public function testGetPolicyObjectDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';object-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.org');
|
||||||
|
|
@ -327,7 +327,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowObjectDomain() {
|
public function testGetPolicyDisallowObjectDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.com');
|
||||||
|
|
@ -335,7 +335,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowObjectDomainMultiple() {
|
public function testGetPolicyDisallowObjectDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';object-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';object-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org');
|
||||||
|
|
@ -343,7 +343,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowObjectDomainMultipleStakes() {
|
public function testGetPolicyDisallowObjectDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedObjectDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org')->disallowObjectDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowObjectDomain('www.owncloud.org')->disallowObjectDomain('www.owncloud.com');
|
||||||
|
|
@ -351,14 +351,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetAllowedFrameDomain() {
|
public function testGetAllowedFrameDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';frame-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyFrameDomainValidMultiple() {
|
public function testGetPolicyFrameDomainValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';frame-src www.owncloud.com www.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com www.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.org');
|
||||||
|
|
@ -366,7 +366,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFrameDomain() {
|
public function testGetPolicyDisallowFrameDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.com');
|
||||||
|
|
@ -374,7 +374,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFrameDomainMultiple() {
|
public function testGetPolicyDisallowFrameDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';frame-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';frame-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org');
|
||||||
|
|
@ -382,7 +382,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowFrameDomainMultipleStakes() {
|
public function testGetPolicyDisallowFrameDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedFrameDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org')->disallowFrameDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowFrameDomain('www.owncloud.org')->disallowFrameDomain('www.owncloud.com');
|
||||||
|
|
@ -390,14 +390,14 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetAllowedChildSrcDomain() {
|
public function testGetAllowedChildSrcDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';child-src child.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyChildSrcValidMultiple() {
|
public function testGetPolicyChildSrcValidMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';child-src child.owncloud.com child.owncloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src child.owncloud.com child.owncloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.com');
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.org');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('child.owncloud.org');
|
||||||
|
|
@ -405,7 +405,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowChildSrcDomain() {
|
public function testGetPolicyDisallowChildSrcDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.com');
|
||||||
|
|
@ -413,7 +413,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowChildSrcDomainMultiple() {
|
public function testGetPolicyDisallowChildSrcDomainMultiple() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';child-src www.owncloud.com";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';child-src www.owncloud.com";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org');
|
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org');
|
||||||
|
|
@ -421,7 +421,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyDisallowChildSrcDomainMultipleStakes() {
|
public function testGetPolicyDisallowChildSrcDomainMultipleStakes() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->addAllowedChildSrcDomain('www.owncloud.com');
|
||||||
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
|
$this->contentSecurityPolicy->disallowChildSrcDomain('www.owncloud.org')->disallowChildSrcDomain('www.owncloud.com');
|
||||||
|
|
@ -429,7 +429,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyWithJsNonceAndScriptDomains() {
|
public function testGetPolicyWithJsNonceAndScriptDomains() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'nonce-TXlKc05vbmNl' www.nextcloud.com www.nextcloud.org";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-TXlKc05vbmNl' www.nextcloud.com www.nextcloud.org";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com');
|
$this->contentSecurityPolicy->addAllowedScriptDomain('www.nextcloud.com');
|
||||||
$this->contentSecurityPolicy->useJsNonce('MyJsNonce');
|
$this->contentSecurityPolicy->useJsNonce('MyJsNonce');
|
||||||
|
|
@ -438,7 +438,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyWithJsNonceAndSelfScriptDomain() {
|
public function testGetPolicyWithJsNonceAndSelfScriptDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'nonce-TXlKc05vbmNl'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-TXlKc05vbmNl'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->useJsNonce('MyJsNonce');
|
$this->contentSecurityPolicy->useJsNonce('MyJsNonce');
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain("'self'");
|
$this->contentSecurityPolicy->addAllowedScriptDomain("'self'");
|
||||||
|
|
@ -446,7 +446,7 @@ class EmptyContentSecurityPolicyTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetPolicyWithoutJsNonceAndSelfScriptDomain() {
|
public function testGetPolicyWithoutJsNonceAndSelfScriptDomain() {
|
||||||
$expectedPolicy = "default-src 'none';base-uri 'none';script-src 'self'";
|
$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self'";
|
||||||
|
|
||||||
$this->contentSecurityPolicy->addAllowedScriptDomain("'self'");
|
$this->contentSecurityPolicy->addAllowedScriptDomain("'self'");
|
||||||
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
|
||||||
|
|
|
||||||
|
|
@ -58,14 +58,14 @@ class ResponseTest extends \Test\TestCase {
|
||||||
|
|
||||||
$this->childResponse->setHeaders($expected);
|
$this->childResponse->setHeaders($expected);
|
||||||
$headers = $this->childResponse->getHeaders();
|
$headers = $this->childResponse->getHeaders();
|
||||||
$expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
$expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";
|
||||||
|
|
||||||
$this->assertEquals($expected, $headers);
|
$this->assertEquals($expected, $headers);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testOverwriteCsp() {
|
public function testOverwriteCsp() {
|
||||||
$expected = [
|
$expected = [
|
||||||
'Content-Security-Policy' => "default-src 'none';base-uri 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self';connect-src 'self';media-src 'self'",
|
'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self';connect-src 'self';media-src 'self'",
|
||||||
];
|
];
|
||||||
$policy = new Http\ContentSecurityPolicy();
|
$policy = new Http\ContentSecurityPolicy();
|
||||||
$policy->allowInlineScript(true);
|
$policy->allowInlineScript(true);
|
||||||
|
|
|
||||||
|
|
@ -60,7 +60,7 @@ class ContentSecurityPolicyManagerTest extends \Test\TestCase {
|
||||||
$expected->addAllowedImageDomain('anotherdomain.de');
|
$expected->addAllowedImageDomain('anotherdomain.de');
|
||||||
$expected->addAllowedImageDomain('example.org');
|
$expected->addAllowedImageDomain('example.org');
|
||||||
$expected->addAllowedChildSrcDomain('childdomain');
|
$expected->addAllowedChildSrcDomain('childdomain');
|
||||||
$expectedStringPolicy = 'default-src \'none\';base-uri \'none\';script-src \'self\' \'unsafe-inline\' \'unsafe-eval\';style-src \'self\' \'unsafe-inline\';img-src \'self\' data: blob: anotherdomain.de example.org;font-src \'self\' mydomain.com example.com anotherFontDomain;connect-src \'self\';media-src \'self\';child-src childdomain';
|
$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain";
|
||||||
|
|
||||||
$this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy());
|
$this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy());
|
||||||
$this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy());
|
$this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy());
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue