diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2016-10-25 14:46:00 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-10-25 14:46:00 +0200 |
| commit | 89574367bcc57da5eda6d13ffcfd8a12de68ea26 (patch) | |
| tree | 8947e9bdc83b55521a4fa52c40e82c6ee7646701 /core | |
| parent | 27ba46c40ed1d365965a1cb79ed7d8a38d759d2c (diff) | |
| parent | ee8b8adf7a62fe4b3823cf803f5f37da3bc6a410 (diff) | |
| download | nextcloud-server-89574367bcc57da5eda6d13ffcfd8a12de68ea26.tar.gz nextcloud-server-89574367bcc57da5eda6d13ffcfd8a12de68ea26.zip | |
Merge pull request #1871 from nextcloud/use-csp-nonces
Use CSP nonces
Diffstat (limited to 'core')
| -rw-r--r-- | core/templates/layout.base.php | 2 | ||||
| -rw-r--r-- | core/templates/layout.guest.php | 2 | ||||
| -rw-r--r-- | core/templates/layout.user.php | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php index 7301ae690cc..3f13523afcb 100644 --- a/core/templates/layout.base.php +++ b/core/templates/layout.base.php @@ -19,7 +19,7 @@ <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print"> <?php endforeach; ?> <?php foreach ($_['jsfiles'] as $jsfile): ?> - <script src="<?php print_unescaped($jsfile); ?>"></script> + <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php print_unescaped($_['headers']); ?> </head> diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php index 58506353158..6d46ac6cf2c 100644 --- a/core/templates/layout.guest.php +++ b/core/templates/layout.guest.php @@ -20,7 +20,7 @@ <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print"> <?php endforeach; ?> <?php foreach($_['jsfiles'] as $jsfile): ?> - <script src="<?php print_unescaped($jsfile); ?>"></script> + <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php print_unescaped($_['headers']); ?> </head> diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index 285eb3ab5f3..d258e3582d0 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -27,7 +27,7 @@ <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print"> <?php endforeach; ?> <?php foreach($_['jsfiles'] as $jsfile): ?> - <script src="<?php print_unescaped($jsfile); ?>"></script> + <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> <?php print_unescaped($_['headers']); ?> </head> |