mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
51,158 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

20 Commits

Author SHA1 Message Date
Roeland Jago Douma f94ee72507
Add form-action CSP element 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-31 15:16:10 +02:00
Roeland Jago Douma 417fbb5d60
setting unsafe-eval is deprecated 
This will be removed in a future version of Nextcloud.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-30 16:27:38 +02:00
Sam Bull ea935f65fd
Add support for CSP_NONCE server variable 
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.

Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-18 12:16:29 +02:00
Roeland Jago Douma 5ac857bcdc
Add an event to edit the CSP 
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-08 20:35:15 +02:00
Morris Jobke 39338aaa67
Merge pull request #11914 from nextcloud/csp/report-uri 
Add report-uri to CSP
 2018-10-23 16:42:24 +02:00
Roeland Jago Douma 0fdc65a15c
Add nonce for Safari 12+ 
As far as I can tell this should work now.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-21 20:48:12 +02:00
Roeland Jago Douma 579822b6a5
Add report-uri to CSP 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-21 13:38:32 +02:00
Roeland Jago Douma 8354c50911
Deprecate the childSrc functions 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-04 07:35:44 +02:00
Roeland Jago Douma c8fe4b4fc8
Add workerSrc to CSP 
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-04 07:35:44 +02:00
Roeland Jago Douma 4ed9b74a6b
Make OC\Security\CSP strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-05 15:27:05 +01:00
Morris Jobke 0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Thomas Citharel ecf347bd1a Add CSP frame-ancestors support 
Didn't set the @since annotation yet.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2017-09-15 15:23:10 +02:00
Lukas Reschke 7d221ff8f4
Safari CSPv3 support is sub-par 
With 10.0.1 CSPv3 is broken in Safari if it doesn't run from a local IP. Awesome.

=> Let's remove this for Safari and keep chrome and Firefox in the whitelist.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-12-14 13:17:20 +01:00
Joas Schilling c20ab0049f
Identify Chromium as Chrome 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-26 12:07:10 +02:00
Lukas Reschke 015affb082
Missing returns + autoloader file 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 22:13:09 +02:00
Roeland Jago Douma e351ba56f1
Move browserSupportsCspV3 to CSPNonceManager 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:10 +02:00
Lukas Reschke 38b3ac8213
Add ContentSecurityPolicyNonceManager 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-24 16:35:31 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Roeland Jago Douma 9050e76d95
Move \OC\Security to PSR-4 2016-04-14 19:21:18 +02:00