authorJulius Härtl <jus@bitgrid.net>2024-03-08 14:51:53 +0100
committerGitHub <noreply@github.com>2024-03-08 14:51:53 +0100
commit9522ef849771392583b51a3f03812a429a666d01 (patch)
tree82c1ef275ef085fb3132e95d2f9ee5d2de559b02
parent1c0191aecf453c05f8796eca92aa906cd5235531 (diff)
parent78ba1b0712a1fd15e408b4e84007d20b6bbe39d6 (diff)
Merge pull request #43778 from nextcloud/fix/edge-csp
Fix CSP for script-src with nonce on edge
-rw-r--r--lib/private/AppFramework/Http/Request.php2
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php1
-rw-r--r--lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php6
3 files changed, 5 insertions, 4 deletions
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php
index b905c6184fa..94054c3e62c 100644
--- a/lib/private/AppFramework/Http/Request.php
+++ b/lib/private/AppFramework/Http/Request.php
@@ -68,7 +68,7 @@ use Symfony\Component\HttpFoundation\IpUtils;
class Request implements \ArrayAccess, \Countable, IRequest {
public const USER_AGENT_IE = '/(MSIE)|(Trident)/';
// Microsoft Edge User Agent from https://msdn.microsoft.com/en-us/library/hh869301(v=vs.85).aspx
- public const USER_AGENT_MS_EDGE = '/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Chrome\/[0-9.]+ (Mobile Safari|Safari)\/[0-9.]+ Edge\/[0-9.]+$/';
+ public const USER_AGENT_MS_EDGE = '/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Chrome\/[0-9.]+ (Mobile Safari|Safari)\/[0-9.]+ Edge?\/[0-9.]+$/';
// Firefox User Agent from https://developer.mozilla.org/en-US/docs/Web/HTTP/Gecko_user_agent_string_reference
public const USER_AGENT_FIREFOX = '/^Mozilla\/5\.0 \([^)]+\) Gecko\/[0-9.]+ Firefox\/[0-9.]+$/';
// Chrome User Agent from https://developer.chrome.com/multidevice/user-agent
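Review bot: The widened pattern `Edge?\/[0-9.]+$` now accepts both the Chromium-based `Edg/…` token and the legacy EdgeHTML `Edge/…` token, but the comment above the constant still only points at the old MSDN EdgeHTML page, so a later reader will not know the `?` is deliberate. I would change the comment to `// Microsoft Edge: matches legacy EdgeHTML ("Edge/") and Chromium-based Edge ("Edg/"); mobile variants ("EdgA/", "EdgiOS/") are not matched`. Since this constant is what puts Edge on the CSP nonce whitelist in the sibling hunk, it is worth confirming that legacy EdgeHTML is also meant to receive the nonce-based policy; if only Chromium Edge should, presumably `Edg\/` (without the `?`) is the safer match and legacy Edge can keep its own constant.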
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 6573007a459..6dbf86e5c88 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -69,6 +69,7 @@ class ContentSecurityPolicyNonceManager {
Request::USER_AGENT_CHROME,
Request::USER_AGENT_FIREFOX,
Request::USER_AGENT_SAFARI,
+ Request::USER_AGENT_MS_EDGE,
];
if ($this->request->isUserAgent($browserWhitelist)) {
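Review bot: The new `Request::USER_AGENT_MS_EDGE` entry has no comment explaining why Edge needs a separate whitelist entry when it is Chromium-based, and the Chrome pattern is not visible here, so the next maintainer may treat the line as redundant and drop it. I would annotate it as `Request::USER_AGENT_MS_EDGE, // Edge appends "Edg/…" after Safari, so it does not match USER_AGENT_CHROME`, hedged as appropriate if the Chrome regex turns out to be looser than its anchor suggests. The enclosing method starts and ends outside this hunk, so I cannot tell what policy is applied to browsers that fail this check.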
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index aeee4a4ee74..6662a302d7f 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -37,8 +37,8 @@ namespace OCP\AppFramework\Http;
* @since 9.0.0
*/
class EmptyContentSecurityPolicy {
- /** @var string JS nonce to be used */
- protected $jsNonce = null;
+ /** @var ?string JS nonce to be used */
+ protected ?string $jsNonce = null;
/** @var bool Whether strict-dynamic should be used */
protected $strictDynamicAllowed = null;
/** @var bool Whether strict-dynamic should be used on script-src-elem */
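Review bot: After typing `$jsNonce` as `?string`, the sibling properties directly below are left inconsistent: `$strictDynamicAllowed` is documented as `@var bool` yet defaults to `null` and carries no native type. Either declare them the same way, `protected ?bool $strictDynamicAllowed = null;`, or at minimum correct the docblock to `@var ?bool` so the declared and actual types agree; since this is a public `OCP` class that apps may extend, adding native types is a potential break for subclasses that redeclare the property without one, so the docblock fix is the safer minimum. The `@var ?string` line now only restates the native type and could be shortened to the description alone.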
@@ -460,7 +460,7 @@ class EmptyContentSecurityPolicy {
$policy .= "base-uri 'none';";
$policy .= "manifest-src 'self';";
- if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || $this->evalWasmAllowed) {
+ if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || $this->evalWasmAllowed || is_string($this->jsNonce)) {
$policy .= 'script-src ';
$scriptSrc = '';
if (is_string($this->jsNonce)) {
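Review bot: The new `is_string($this->jsNonce)` guard, and the identical one inside the branch, also accept an empty string, which would emit a `script-src` directive with an empty nonce token if the setter does not reject `''` (the setter is not in this hunk, so I cannot confirm). A stricter check such as `$this->jsNonce !== null && $this->jsNonce !== ''` on both lines would keep the directive from being produced with a useless nonce, and it reads more directly than `is_string` now that the property is typed `?string`. The enclosing method continues past the end of the hunk, so what else is appended to `$scriptSrc` (e.g. `'strict-dynamic'` or `'self'`) is not visible here.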