Add workerSrc to CSP

Fixes #11035 Since the child-src directive is deprecated (we should kill it at some point) we need to have the proper worker-src available Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2018-09-03 16:47:52 +0200
committer: Roeland Jago Douma <roeland@famdouma.nl> 2018-09-04 07:35:44 +0200
commit: c8fe4b4fc864ca025610621903f30e97486dbd43 (patch)
tree: 75f0b2a5f54ddce20adc7725b8808088220774c6 /lib/private/Security
parent: 12a2a754e2ff7a31d75cef94f981e1eb069bb2f5 (diff)
download: nextcloud-server-c8fe4b4fc864ca025610621903f30e97486dbd43.tar.gz
nextcloud-server-c8fe4b4fc864ca025610621903f30e97486dbd43.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/private/Security/CSP/ContentSecurityPolicy.php b/lib/private/Security/CSP/ContentSecurityPolicy.php
index 77e20dedf44..de62b5ee76a 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicy.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicy.php
@@ -213,4 +213,12 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
 		$this->allowedFrameAncestors = $allowedFrameAncestors;
 	}
 
+	public function getAllowedWorkerSrcDomains(): array {
+		return $this->allowedWorkerSrcDomains;
+	}
+
+	public function setAllowedWorkerSrcDomains(array $allowedWorkerSrcDomains) {
+		$this->allowedWorkerSrcDomains = $allowedWorkerSrcDomains;
+	}
+
 }
author	Roeland Jago Douma <roeland@famdouma.nl>	2018-09-03 16:47:52 +0200
committer	Roeland Jago Douma <roeland@famdouma.nl>	2018-09-04 07:35:44 +0200
commit	c8fe4b4fc864ca025610621903f30e97486dbd43 (patch)
tree	75f0b2a5f54ddce20adc7725b8808088220774c6 /lib/private/Security
parent	12a2a754e2ff7a31d75cef94f981e1eb069bb2f5 (diff)
download	nextcloud-server-c8fe4b4fc864ca025610621903f30e97486dbd43.tar.gz nextcloud-server-c8fe4b4fc864ca025610621903f30e97486dbd43.zip