From 71cf92697cf1632803e9e57629504871cad549da Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Sat, 12 Dec 2020 21:11:42 +0100 Subject: [PATCH] Update comment to reflect current CSP policy JS unsafe-eval was removed a long time ago in https://github.com/nextcloud/server/pull/11028 --- lib/public/AppFramework/Http/ContentSecurityPolicy.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php index 3a9ab8f8c1..2026376963 100644 --- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php @@ -36,7 +36,7 @@ namespace OCP\AppFramework\Http; * notice that Nextcloud ships already with sensible defaults and those policies * should require no modification at all for most use-cases. * - * This class allows unsafe-eval of javascript and unsafe-inline of CSS. + * This class allows unsafe-inline of CSS. * * @since 8.1.0 */