mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nextcloud/tests
History
Lukas Reschke 809ff5ac95 Add public API to give developers the possibility to adjust the global CSP defaults 
Allows to inject something into the default content policy. This is for
example useful when you're injecting Javascript code into a view belonging
to another controller and cannot modify its Content-Security-Policy itself.
Note that the adjustment is only applied to applications that use AppFramework
controllers.

To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,
$policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.

To test this add something like the following into an `app.php` of any enabled app:
```
$manager = \OC::$server->getContentSecurityPolicyManager();
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('asdf');
$policy->addAllowedScriptDomain('yolo.com');

$policy->allowInlineScript(false);
$manager->addDefaultPolicy($policy);
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFontDomain('yolo.com');
$manager->addDefaultPolicy($policy);

$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('banana.com');
$manager->addDefaultPolicy($policy);
```

If you now open the files app the policy should be:

```
Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self'
```
 		2016-01-28 18:36:46 +01:00
..
acceptance correct delete-icon to icon-delete, fix #11128 2014-09-22 18:17:33 +02:00
apps [App Code Check] add check for version and mandatory fields 2015-09-24 11:58:12 +02:00
core Merge pull request #18444 from owncloud/occ-config-types 2016-01-25 10:02:51 +01:00
data Exclude .htaccess modifications from code checker 2016-01-22 11:51:54 +01:00
lib Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
objectstore Use proper statement to retrieve the IP of an docker instance 2015-10-30 09:28:33 +01:00
ocs Following the spec: 2015-08-05 17:49:44 +02:00
ocs-provider Reference v2 in the provider list 2015-10-13 16:45:16 +02:00
settings Introduce IUser::setEMailAddress and add hook mechanism 2016-01-20 14:57:20 +01:00
travis Make Travis CI pass when DAV was not touched 2015-10-29 10:14:45 +01:00
apps.php do not execute integration tests when executing autotest.sh 2015-05-15 16:38:21 +02:00
bootstrap.php Load all enabled apps in test bootstrap 2015-09-07 16:06:53 +01:00
enable_all.php added app "federation", allows you to connect ownClouds and exchange user lists 2015-11-19 18:06:38 +01:00
karma.config.js Added system tags GUI in sidebar 2016-01-19 16:24:26 +01:00
phpunit-autotest-external.xml remove deprecated strict setting 2015-12-09 12:10:12 +01:00
phpunit-autotest.xml Add endpoint with list of OCS providers 2015-06-27 18:23:49 +02:00
phpunit.xml.dist Add endpoint with list of OCS providers 2015-06-27 18:23:49 +02:00
preseed-config.php Do not add apps2/ directory if it does not exist 2015-03-19 09:07:29 +01:00
startsessionlistener.php Make compatible with PHPUnit 5.1 2015-12-10 09:22:41 +01:00