Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.
To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.
To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
As discussed we move all old style classes (OC_FOO_BAR) to legacy.
Then from there we can evaluate the need to convert them back or if they
can be fully deprecated/deleted.
Lukas Reschke
Sergio Bertolín
Joas Schilling
Lukas Reschke
Roeland Jago Douma