author | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2019-04-10 16:46:19 +0200 |
---|---|---|
committer | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2019-04-10 16:46:19 +0200 |
commit | dfe9e3fb2e063a0cf4ab4849a4329f05cb6255b7 (patch) | |
tree | 6a6b3eeaef6d4708358032322ef3a1b7fd5c9977 | |
parent | d1e4d614daa52503b1a0bb5ebcaf6a7d2b33edb7 (diff) | |
Do not allow JavaScript "eval" in the public share auth page with Talk
Talk no longer uses JavaScript "eval", so the Content Security Policy
can now be configured to prevent its use in the public share
authentication page when the password is protected by Talk.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
-rw-r--r-- | apps/files_sharing/lib/Controller/ShareController.php | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 99685f671d3..3bd65cd3974 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -164,7 +164,6 @@ class ShareController extends AuthPublicShareController {
 $csp = new ContentSecurityPolicy();
 $csp->addAllowedConnectDomain('*');
 $csp->addAllowedMediaDomain('blob:');
- $csp->allowEvalScript(true);
 $response->setContentSecurityPolicy($csp);
 }
@@ -185,7 +184,6 @@ class ShareController extends AuthPublicShareController {
 $csp = new ContentSecurityPolicy();
 $csp->addAllowedConnectDomain('*');
 $csp->addAllowedMediaDomain('blob:');
- $csp->allowEvalScript(true);
 $response->setContentSecurityPolicy($csp);
 } |