author: Lukas Reschke <lukas@owncloud.com> 2016-04-16 23:15:23 +0200
committer: Lukas Reschke <lukas@owncloud.com> 2016-04-16 23:15:23 +0200
commit: 95e62180ce63187f74d8e4d31ccdad11110f329c
tree: f42c35519af90b26848330de37559e254c7847e4 /build/integration/features/webdav-related.feature
parent: 90a77cb86880b9a7dac278c5ba38a314c74245b9
parent: 0cba1ba7f9b40bb2bdf7eb2939702389c646d99a
Merge pull request #23939 from owncloud/stricter-csp-for-dav-backend
Employ a stricter Content Security Policy on remote.php
Diffstat (limited to 'build/integration/features/webdav-related.feature')
-rw-r--r-- build/integration/features/webdav-related.feature | 4
1 files changed, 2 insertions, 2 deletions
diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature
index 6fc437773c6..f1c99444f6d 100644
--- a/build/integration/features/webdav-related.feature
+++ b/build/integration/features/webdav-related.feature
@@ -74,7 +74,7 @@ Feature: webdav-related
When Downloading file "/welcome.txt"
Then The following headers should be set
|Content-Disposition|attachment|
- |Content-Security-Policy|default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *|
+ |Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff|
|X-Download-Options|noopen|
|X-Frame-Options|Sameorigin|
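Review bot: The new expected value `default-src 'none';` does not restrict framing, because `default-src` is not a fallback for `frame-ancestors`, `base-uri` or `form-action`. With this policy the only framing control asserted in the table is still the `|X-Frame-Options|Sameorigin|` row. If the intent of the stricter policy on remote.php is to lock the response down fully, consider sending and asserting `frame-ancestors 'none'` as well, or note in the scenario that framing is deliberately left to X-Frame-Options.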
@@ -89,7 +89,7 @@ Feature: webdav-related
When Downloading file "/welcome.txt"
Then The following headers should be set
|Content-Disposition|attachment|
- |Content-Security-Policy|default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *|
+ |Content-Security-Policy|default-src 'none';|
|X-Content-Type-Options |nosniff|
|X-Download-Options|noopen|
|X-Frame-Options|Sameorigin|
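Review bot: This second table repeats the same `|Content-Security-Policy|default-src 'none';|` row and the same surrounding header rows as the table at line 74, so every policy change has to be made twice in this feature file. Consider moving the shared header expectations into a single reusable step or a Scenario Outline. Also, if the header step compares values exactly, the trailing `;` ties the test to the serializer's output format rather than to the policy itself; a comparison on the parsed directive would be less brittle.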