diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2016-04-12 13:30:37 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2016-04-12 13:30:37 +0200 |
| commit | 0cba1ba7f9b40bb2bdf7eb2939702389c646d99a (patch) | |
| tree | c08c4925ed177053ddab073a44221de820a94575 /build | |
| parent | 16df1c5188d5a312ef5db7db427961597fe56ebe (diff) | |
| download | nextcloud-server-0cba1ba7f9b40bb2bdf7eb2939702389c646d99a.tar.gz nextcloud-server-0cba1ba7f9b40bb2bdf7eb2939702389c646d99a.zip | |
Employ a stricter Content Security Policy on remote.php
Items sent by remote.php have not to be interpreted by browsers in any way.
Diffstat (limited to 'build')
| -rw-r--r-- | build/integration/features/webdav-related.feature | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature index ee841f9eb5b..85f9460310a 100644 --- a/build/integration/features/webdav-related.feature +++ b/build/integration/features/webdav-related.feature @@ -74,7 +74,7 @@ Feature: webdav-related When Downloading file "/welcome.txt" Then The following headers should be set |Content-Disposition|attachment| - |Content-Security-Policy|default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *| + |Content-Security-Policy|default-src 'none';| |X-Content-Type-Options |nosniff| |X-Download-Options|noopen| |X-Frame-Options|Sameorigin| @@ -89,7 +89,7 @@ Feature: webdav-related When Downloading file "/welcome.txt" Then The following headers should be set |Content-Disposition|attachment| - |Content-Security-Policy|default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *| + |Content-Security-Policy|default-src 'none';| |X-Content-Type-Options |nosniff| |X-Download-Options|noopen| |X-Frame-Options|Sameorigin| |