Merge pull request #16766 from nextcloud/fix/frame-src/no-nonce
frame-src doesn't respect the nonce attribute
This commit is contained in:
commit
e6c225a3f3
|
@ -494,9 +494,6 @@ class EmptyContentSecurityPolicy {
|
||||||
|
|
||||||
if(!empty($this->allowedFrameDomains)) {
|
if(!empty($this->allowedFrameDomains)) {
|
||||||
$policy .= 'frame-src ';
|
$policy .= 'frame-src ';
|
||||||
if(is_string($this->useJsNonce)) {
|
|
||||||
$policy .= '\'nonce-' . base64_encode($this->useJsNonce) . '\' ';
|
|
||||||
}
|
|
||||||
$policy .= implode(' ', $this->allowedFrameDomains);
|
$policy .= implode(' ', $this->allowedFrameDomains);
|
||||||
$policy .= ';';
|
$policy .= ';';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue