Merge pull request #44412 from nextcloud/fix/add-csp-nonce-by-default

fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blacklist

lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php

@@ -65,17 +65,14 @@ class ContentSecurityPolicyNonceManager {
 	 * Check if the browser supports CSP v3
 	 */
 	public function browserSupportsCspV3(): bool {
-		$browserWhitelist = [
-			Request::USER_AGENT_CHROME,
-			Request::USER_AGENT_FIREFOX,
-			Request::USER_AGENT_SAFARI,
-			Request::USER_AGENT_MS_EDGE,
+		$browserBlocklist = [
+			Request::USER_AGENT_IE,
 		];
 
-		if ($this->request->isUserAgent($browserWhitelist)) {
-			return true;
+		if ($this->request->isUserAgent($browserBlocklist)) {
+			return false;
 		}
 
-		return false;
+		return true;
 	}
 }