authorMorris Jobke <hey@morrisjobke.de>2019-04-11 09:43:53 +0200
committerGitHub <noreply@github.com>2019-04-11 09:43:53 +0200
commitaac22ba40fa9bed24f6e78386de4ae846660d340 (patch)
treeb77f80e1bd7aa9c525c1dbda0c532bf57a55770c
parent7641a1589f23eaddbbf3a953746ef1bf6f5234f8 (diff)
parentdfe9e3fb2e063a0cf4ab4849a4329f05cb6255b7 (diff)
downloadnextcloud-server-aac22ba40fa9bed24f6e78386de4ae846660d340.tar.gz
nextcloud-server-aac22ba40fa9bed24f6e78386de4ae846660d340.zip
Merge pull request #15049 from nextcloud/do-not-allow-javascript-eval-in-the-public-share-auth-page-with-talk
Do not allow JavaScript "eval" in the public share auth page with Talk
-rw-r--r--apps/files_sharing/lib/Controller/ShareController.php2
1 files changed, 0 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 99685f671d3..3bd65cd3974 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -164,7 +164,6 @@ class ShareController extends AuthPublicShareController {
$csp = new ContentSecurityPolicy();
$csp->addAllowedConnectDomain('*');
$csp->addAllowedMediaDomain('blob:');
- $csp->allowEvalScript(true);
$response->setContentSecurityPolicy($csp);
}
@@ -185,7 +184,6 @@ class ShareController extends AuthPublicShareController {
$csp = new ContentSecurityPolicy();
$csp->addAllowedConnectDomain('*');
$csp->addAllowedMediaDomain('blob:');
- $csp->allowEvalScript(true);
$response->setContentSecurityPolicy($csp);
}