author | Morris Jobke <hey@morrisjobke.de> | 2019-04-11 09:43:53 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-04-11 09:43:53 +0200 |
commit | aac22ba40fa9bed24f6e78386de4ae846660d340 (patch) | |
tree | b77f80e1bd7aa9c525c1dbda0c532bf57a55770c | |
parent | 7641a1589f23eaddbbf3a953746ef1bf6f5234f8 (diff) | |
parent | dfe9e3fb2e063a0cf4ab4849a4329f05cb6255b7 (diff) | |
Merge pull request #15049 from nextcloud/do-not-allow-javascript-eval-in-the-public-share-auth-page-with-talk
Do not allow JavaScript "eval" in the public share auth page with Talk
-rw-r--r-- | apps/files_sharing/lib/Controller/ShareController.php | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 99685f671d3..3bd65cd3974 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -164,7 +164,6 @@ class ShareController extends AuthPublicShareController {
 $csp = new ContentSecurityPolicy();
 $csp->addAllowedConnectDomain('*');
 $csp->addAllowedMediaDomain('blob:');
- $csp->allowEvalScript(true);
 $response->setContentSecurityPolicy($csp);
 }
@@ -185,7 +184,6 @@ class ShareController extends AuthPublicShareController {
 $csp = new ContentSecurityPolicy();
 $csp->addAllowedConnectDomain('*');
 $csp->addAllowedMediaDomain('blob:');
- $csp->allowEvalScript(true);
 $response->setContentSecurityPolicy($csp);
 } |