mirror of
https://github.com/nextcloud/server.git
synced 2026-02-20 00:12:30 -05:00
If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive contains neither `wasm-unsafe-eval` nor `unsafe-eval`, loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread).

Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval`, this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make it possible to allow WebAssembly execution without allowing JavaScript `eval`, this commit adds support for allowing `wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

| | | |
|---|---|---|
| Attribute | ||
| Events | ||
| Template | ||
| ContentSecurityPolicy.php | ||
| DataDisplayResponse.php | ||
| DataDownloadResponse.php | ||
| DataResponse.php | ||
| DownloadResponse.php | ||
| EmptyContentSecurityPolicy.php | ||
| EmptyFeaturePolicy.php | ||
| FeaturePolicy.php | ||
| FileDisplayResponse.php | ||
| ICallbackResponse.php | ||
| IOutput.php | ||
| JSONResponse.php | ||
| NotFoundResponse.php | ||
| RedirectResponse.php | ||
| RedirectToDefaultAppResponse.php | ||
| Response.php | ||
| StandaloneTemplateResponse.php | ||
| StreamResponse.php | ||
| StrictContentSecurityPolicy.php | ||
| StrictEvalContentSecurityPolicy.php | ||
| StrictInlineContentSecurityPolicy.php | ||
| TemplateResponse.php | ||
| TextPlainResponse.php | ||
| TooManyRequestsResponse.php | ||
| ZipResponse.php | ||