upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-19 17:13:56 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 60
nextcloud/lib
History
Daniel Calviño Sánchez 41f2d912d2 Allow "wasm-unsafe-eval" in CSP 
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).

Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.

To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2023-08-10 02:38:41 +02:00
..
composer allow anon text processing scheduling 2023-08-07 13:27:53 +02:00
l10n Fix(l10n): Update translations from Transifex 2023-08-10 00:26:45 +00:00
private Allow "wasm-unsafe-eval" in CSP 2023-08-10 02:38:41 +02:00
public Allow "wasm-unsafe-eval" in CSP 2023-08-10 02:38:41 +02:00
autoloader.php Add a built-in profiler inside Nextcloud 2022-04-04 10:28:26 +02:00
base.php fix: Migrate collaboration listener and remove legacy adapter 2023-07-28 14:11:21 +02:00
versioncheck.php Allow 8.2 in versioncheck 2023-02-02 12:05:20 +01:00