mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

frame-src doesn't respect the nonce attribute 

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2019-08-16 21:29:57 +02:00
parent 6db355848b
commit c4cafae884
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
View File

@ -494,9 +494,6 @@ class EmptyContentSecurityPolicy {
if(!empty($this->allowedFrameDomains)) {
$policy .= 'frame-src ';
if(is_string($this->useJsNonce)) {
$policy .= '\'nonce-' . base64_encode($this->useJsNonce) . '\' ';
}
$policy .= implode(' ', $this->allowedFrameDomains);
$policy .= ';';
}