Allow AppFramework applications to specify a custom CSP header - nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

diff options

author	Lukas Reschke <lukas@owncloud.com>	2015-02-09 16:30:01 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2015-02-16 11:00:41 +0100
commit	b20174bdad33f619054db08e320e5e546e2834b1 (patch)
tree	d23a1cd064027d81ffe81c0c81a1ac943c756be9 /issue_template.md
parent	786ff6a5a323e2efe54aa6b736c3fbdf12813d79 (diff)
download	nextcloud-server-b20174bdad33f619054db08e320e5e546e2834b1.tar.gz nextcloud-server-b20174bdad33f619054db08e320e5e546e2834b1.zip

Allow AppFramework applications to specify a custom CSP header

This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components. Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers: ```php $response = new TemplateResponse('activity', 'list', []); $cspHelper = new ContentSecurityPolicyHelper(); $cspHelper->addAllowedScriptDomain('www.owncloud.org'); $response->addHeader('Content-Security-Policy', $cspHelper->getPolicy()); return $response; ``` Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925

Diffstat (limited to 'issue_template.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: