nextcloud/lib/private
Lukas Reschke 809ff5ac95 Add public API to give developers the possibility to adjust the global CSP defaults
Allows injecting something into the default content policy. This is, for
example, useful when you're injecting JavaScript code into a view belonging
to another controller and cannot modify its Content-Security-Policy itself.
Note that the adjustment is only applied to applications that use AppFramework
controllers.

To use this from your `app.php`, use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`;
`$policy` has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.

To test this, add something like the following into an `app.php` of any enabled app:
```
$manager = \OC::$server->getContentSecurityPolicyManager();
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('asdf');
$policy->addAllowedScriptDomain('yolo.com');
$policy->allowInlineScript(false);
$manager->addDefaultPolicy($policy);

$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFontDomain('yolo.com');
$manager->addDefaultPolicy($policy);

$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('banana.com');
$manager->addDefaultPolicy($policy);
```

If you now open the files app, the policy should be:

```
Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self'
```
2016-01-28 18:36:46 +01:00
..
activity Happy new year! 2016-01-12 15:02:18 +01:00
app Scrutinizer Auto-Fixes 2016-01-15 12:54:26 +00:00
appframework Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
archive Happy new year! 2016-01-12 15:02:18 +01:00
backgroundjob Add message key to context of logException 2016-01-15 14:55:30 +01:00
cache Allow indirect set in CappedMemoryCache 2016-01-14 15:00:41 +01:00
command Happy new year! 2016-01-12 15:02:18 +01:00
comments Comments DAV implementation 2016-01-26 12:10:14 +01:00
console Happy new year! 2016-01-12 15:02:18 +01:00
contacts Happy new year! 2016-01-12 15:02:18 +01:00
db Move parameter to the right function call 2016-01-26 14:56:07 +01:00
diagnostics Happy new year! 2016-01-12 15:02:18 +01:00
encryption Happy new year! 2016-01-12 15:02:18 +01:00
files fix cachejail->update 2016-01-28 11:46:44 +01:00
group Solves # 2016-01-21 17:29:14 +01:00
hooks Happy new year! 2016-01-12 15:02:18 +01:00
http/client Merge pull request #21671 from owncloud/fix-setup-on-master 2016-01-13 10:29:36 +01:00
integritycheck Merge pull request #21849 from owncloud/add-custom-marker-into-htaccess 2016-01-22 13:13:59 +01:00
l10n Check whether ownCloud is installed 2016-01-27 18:30:18 +01:00
legacy Move class to legacy folder 2016-01-26 14:10:05 +01:00
lock Happy new year! 2016-01-12 15:02:18 +01:00
log Fix errors after install 2016-01-26 17:06:23 +01:00
mail Happy new year! 2016-01-12 15:02:18 +01:00
memcache Fix constructor arguments for APCUIterator 2016-01-18 12:20:05 +01:00
notification Move the notification API to public namespace 2016-01-22 10:32:42 +01:00
ocs Happy new year! 2016-01-12 15:02:18 +01:00
preview Happy new year! 2016-01-12 15:02:18 +01:00
repair Replace other usages 2016-01-25 17:17:36 +01:00
route Happy new year! 2016-01-12 15:02:18 +01:00
search Happy new year! 2016-01-12 15:02:18 +01:00
security Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
session Happy new year! 2016-01-12 15:02:18 +01:00
setup Happy new year! 2016-01-12 15:02:18 +01:00
share Replace other usages 2016-01-25 17:17:36 +01:00
share20 [Share 2.0] Remove setId and setProviderId from the interface 2016-01-28 07:54:16 +01:00
systemtag Replace other usages 2016-01-25 17:17:36 +01:00
tagging Happy new year! 2016-01-12 15:02:18 +01:00
template Merge pull request #21894 from owncloud/refactor-csrf 2016-01-26 11:36:56 +01:00
user Changing the avatar of the user emits the changeUser event which triggers update of the system addressbook 2016-01-25 20:05:11 +01:00
activitymanager.php Happy new year! 2016-01-12 15:02:18 +01:00
allconfig.php Introduce IDBConnection::setValues() 2016-01-18 11:10:41 +01:00
api.php Happy new year! 2016-01-12 15:02:18 +01:00
app.php Merge pull request #21424 from owncloud/appversions 2016-01-25 10:02:02 +01:00
appconfig.php Merge pull request #21424 from owncloud/appversions 2016-01-25 10:02:02 +01:00
apphelper.php Happy new year! 2016-01-12 15:02:18 +01:00
archive.php Happy new year! 2016-01-12 15:02:18 +01:00
avatar.php Trigger change on avatar delete 2016-01-25 20:56:04 +01:00
avatarmanager.php Changing the avatar of the user emits the changeUser event which triggers update of the system addressbook 2016-01-25 20:05:11 +01:00
capabilitiesmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
config.php Fix errors after install 2016-01-26 17:06:23 +01:00
contactsmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
databaseexception.php Happy new year! 2016-01-12 15:02:18 +01:00
databasesetupexception.php Happy new year! 2016-01-12 15:02:18 +01:00
datetimeformatter.php Happy new year! 2016-01-12 15:02:18 +01:00
datetimezone.php Happy new year! 2016-01-12 15:02:18 +01:00
db.php Happy new year! 2016-01-12 15:02:18 +01:00
defaults.php Scrutinizer Auto-Fixes 2016-01-15 12:54:26 +00:00
eventsource.php Happy new year! 2016-01-12 15:02:18 +01:00
filechunking.php Happy new year! 2016-01-12 15:02:18 +01:00
files.php Happy new year! 2016-01-12 15:02:18 +01:00
forbiddenexception.php Happy new year! 2016-01-12 15:02:18 +01:00
group.php Happy new year! 2016-01-12 15:02:18 +01:00
helper.php Remove OC_Helper::imagePath and use the proper public interface 2016-01-24 18:04:20 +01:00
hintexception.php In case the hint of the HintException is empty we better use the exception message 2016-01-27 10:08:21 +01:00
hook.php Simply use logException() to log the exception - no need for custom code 2016-01-13 15:52:18 +01:00
httphelper.php Happy new year! 2016-01-12 15:02:18 +01:00
image.php Happy new year! 2016-01-12 15:02:18 +01:00
installer.php Fixing CodeChecker usage 🙈 2016-01-14 17:35:28 +01:00
json.php Happy new year! 2016-01-12 15:02:18 +01:00
largefilehelper.php Happy new year! 2016-01-12 15:02:18 +01:00
log.php Add message key to context of logException 2016-01-15 14:55:30 +01:00
naturalsort.php Happy new year! 2016-01-12 15:02:18 +01:00
naturalsort_defaultcollator.php Happy new year! 2016-01-12 15:02:18 +01:00
navigationmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
needsupdateexception.php Happy new year! 2016-01-12 15:02:18 +01:00
notsquareexception.php Happy new year! 2016-01-12 15:02:18 +01:00
ocs.php Happy new year! 2016-01-12 15:02:18 +01:00
ocsclient.php Merge pull request #21591 from owncloud/add-code-checking-for-apps 2016-01-13 10:35:00 +01:00
preview.php Happy new year! 2016-01-12 15:02:18 +01:00
previewmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
repair.php Happy new year! 2016-01-12 15:02:18 +01:00
repairexception.php Happy new year! 2016-01-12 15:02:18 +01:00
repairstep.php Happy new year! 2016-01-12 15:02:18 +01:00
response.php Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening 2016-01-13 10:33:58 +01:00
search.php Happy new year! 2016-01-12 15:02:18 +01:00
server.php Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
servercontainer.php Happy new year! 2016-01-12 15:02:18 +01:00
servernotavailableexception.php Happy new year! 2016-01-12 15:02:18 +01:00
serviceunavailableexception.php Happy new year! 2016-01-12 15:02:18 +01:00
setup.php Avoid error message in log during setup because of existing data dir 2016-01-26 18:50:41 +01:00
streamer.php Happy new year! 2016-01-12 15:02:18 +01:00
subadmin.php Happy new year! 2016-01-12 15:02:18 +01:00
systemconfig.php Happy new year! 2016-01-12 15:02:18 +01:00
tagmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
tags.php Replace other usages 2016-01-25 17:17:36 +01:00
template.php Add new CSRF manager for unit testing purposes 2016-01-25 20:03:40 +01:00
templatelayout.php Fix setup page 2016-01-26 09:05:10 +01:00
tempmanager.php Merge pull request #21543 from owncloud/Larzenegger-master 2016-01-15 13:29:57 +01:00
updater.php Merge pull request #21668 from owncloud/add-super-evil-and-hidden-config-switch-to-disable-integrity-checks-really-just-do-not-use-this 2016-01-13 10:30:02 +01:00
urlgenerator.php Happy new year! 2016-01-12 15:02:18 +01:00
user.php Regenerate CSRF token upon login 2016-01-25 20:03:40 +01:00
util.php Add new CSRF manager for unit testing purposes 2016-01-25 20:03:40 +01:00