Make OC\Security\CSP strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
c85c64c787
commit
4ed9b74a6b
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -33,147 +34,147 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
|
|||
/**
|
||||
* @return boolean
|
||||
*/
|
||||
public function isInlineScriptAllowed() {
|
||||
public function isInlineScriptAllowed(): bool {
|
||||
return $this->inlineScriptAllowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param boolean $inlineScriptAllowed
|
||||
*/
|
||||
public function setInlineScriptAllowed($inlineScriptAllowed) {
|
||||
public function setInlineScriptAllowed(bool $inlineScriptAllowed) {
|
||||
$this->inlineScriptAllowed = $inlineScriptAllowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return boolean
|
||||
*/
|
||||
public function isEvalScriptAllowed() {
|
||||
public function isEvalScriptAllowed(): bool {
|
||||
return $this->evalScriptAllowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param boolean $evalScriptAllowed
|
||||
*/
|
||||
public function setEvalScriptAllowed($evalScriptAllowed) {
|
||||
public function setEvalScriptAllowed(bool $evalScriptAllowed) {
|
||||
$this->evalScriptAllowed = $evalScriptAllowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedScriptDomains() {
|
||||
public function getAllowedScriptDomains(): array {
|
||||
return $this->allowedScriptDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $allowedScriptDomains
|
||||
*/
|
||||
public function setAllowedScriptDomains($allowedScriptDomains) {
|
||||
public function setAllowedScriptDomains(array $allowedScriptDomains) {
|
||||
$this->allowedScriptDomains = $allowedScriptDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return boolean
|
||||
*/
|
||||
public function isInlineStyleAllowed() {
|
||||
public function isInlineStyleAllowed(): bool {
|
||||
return $this->inlineStyleAllowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param boolean $inlineStyleAllowed
|
||||
*/
|
||||
public function setInlineStyleAllowed($inlineStyleAllowed) {
|
||||
public function setInlineStyleAllowed(bool $inlineStyleAllowed) {
|
||||
$this->inlineStyleAllowed = $inlineStyleAllowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedStyleDomains() {
|
||||
public function getAllowedStyleDomains(): array {
|
||||
return $this->allowedStyleDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $allowedStyleDomains
|
||||
*/
|
||||
public function setAllowedStyleDomains($allowedStyleDomains) {
|
||||
public function setAllowedStyleDomains(array $allowedStyleDomains) {
|
||||
$this->allowedStyleDomains = $allowedStyleDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedImageDomains() {
|
||||
public function getAllowedImageDomains(): array {
|
||||
return $this->allowedImageDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $allowedImageDomains
|
||||
*/
|
||||
public function setAllowedImageDomains($allowedImageDomains) {
|
||||
public function setAllowedImageDomains(array $allowedImageDomains) {
|
||||
$this->allowedImageDomains = $allowedImageDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedConnectDomains() {
|
||||
public function getAllowedConnectDomains(): array {
|
||||
return $this->allowedConnectDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $allowedConnectDomains
|
||||
*/
|
||||
public function setAllowedConnectDomains($allowedConnectDomains) {
|
||||
public function setAllowedConnectDomains(array $allowedConnectDomains) {
|
||||
$this->allowedConnectDomains = $allowedConnectDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedMediaDomains() {
|
||||
public function getAllowedMediaDomains(): array {
|
||||
return $this->allowedMediaDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $allowedMediaDomains
|
||||
*/
|
||||
public function setAllowedMediaDomains($allowedMediaDomains) {
|
||||
public function setAllowedMediaDomains(array $allowedMediaDomains) {
|
||||
$this->allowedMediaDomains = $allowedMediaDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedObjectDomains() {
|
||||
public function getAllowedObjectDomains(): array {
|
||||
return $this->allowedObjectDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $allowedObjectDomains
|
||||
*/
|
||||
public function setAllowedObjectDomains($allowedObjectDomains) {
|
||||
public function setAllowedObjectDomains(array $allowedObjectDomains) {
|
||||
$this->allowedObjectDomains = $allowedObjectDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedFrameDomains() {
|
||||
public function getAllowedFrameDomains(): array {
|
||||
return $this->allowedFrameDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $allowedFrameDomains
|
||||
*/
|
||||
public function setAllowedFrameDomains($allowedFrameDomains) {
|
||||
public function setAllowedFrameDomains(array $allowedFrameDomains) {
|
||||
$this->allowedFrameDomains = $allowedFrameDomains;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedFontDomains() {
|
||||
public function getAllowedFontDomains(): array {
|
||||
return $this->allowedFontDomains;
|
||||
}
|
||||
|
||||
|
@ -187,7 +188,7 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
|
|||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedChildSrcDomains() {
|
||||
public function getAllowedChildSrcDomains(): array {
|
||||
return $this->allowedChildSrcDomains;
|
||||
}
|
||||
|
||||
|
@ -201,7 +202,7 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
|
|||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getAllowedFrameAncestors() {
|
||||
public function getAllowedFrameAncestors(): array {
|
||||
return $this->allowedFrameAncestors;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
|
@ -41,7 +42,7 @@ class ContentSecurityPolicyManager implements IContentSecurityPolicyManager {
|
|||
*
|
||||
* @return ContentSecurityPolicy
|
||||
*/
|
||||
public function getDefaultPolicy() {
|
||||
public function getDefaultPolicy(): ContentSecurityPolicy {
|
||||
$defaultPolicy = new \OC\Security\CSP\ContentSecurityPolicy();
|
||||
foreach($this->policies as $policy) {
|
||||
$defaultPolicy = $this->mergePolicies($defaultPolicy, $policy);
|
||||
|
@ -57,14 +58,14 @@ class ContentSecurityPolicyManager implements IContentSecurityPolicyManager {
|
|||
* @return ContentSecurityPolicy
|
||||
*/
|
||||
public function mergePolicies(ContentSecurityPolicy $defaultPolicy,
|
||||
EmptyContentSecurityPolicy $originalPolicy) {
|
||||
EmptyContentSecurityPolicy $originalPolicy): ContentSecurityPolicy {
|
||||
foreach((object)(array)$originalPolicy as $name => $value) {
|
||||
$setter = 'set'.ucfirst($name);
|
||||
if(is_array($value)) {
|
||||
if(\is_array($value)) {
|
||||
$getter = 'get'.ucfirst($name);
|
||||
$currentValues = is_array($defaultPolicy->$getter()) ? $defaultPolicy->$getter() : [];
|
||||
$currentValues = \is_array($defaultPolicy->$getter()) ? $defaultPolicy->$getter() : [];
|
||||
$defaultPolicy->$setter(array_values(array_unique(array_merge($currentValues, $value))));
|
||||
} elseif (is_bool($value)) {
|
||||
} elseif (\is_bool($value)) {
|
||||
$defaultPolicy->$setter($value);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
|
@ -55,7 +56,7 @@ class ContentSecurityPolicyNonceManager {
|
|||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getNonce() {
|
||||
public function getNonce(): string {
|
||||
if($this->nonce === '') {
|
||||
$this->nonce = base64_encode($this->csrfTokenManager->getToken()->getEncryptedValue());
|
||||
}
|
||||
|
@ -68,7 +69,7 @@ class ContentSecurityPolicyNonceManager {
|
|||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function browserSupportsCspV3() {
|
||||
public function browserSupportsCspV3(): bool {
|
||||
$browserWhitelist = [
|
||||
Request::USER_AGENT_CHROME,
|
||||
// Firefox 45+
|
||||
|
|
Loading…
Reference in New Issue