diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-03 16:47:52 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-04 07:35:44 +0200 |
| commit | c8fe4b4fc864ca025610621903f30e97486dbd43 (patch) | |
| tree | 75f0b2a5f54ddce20adc7725b8808088220774c6 /lib/private | |
| parent | 12a2a754e2ff7a31d75cef94f981e1eb069bb2f5 (diff) | |
| download | nextcloud-server-c8fe4b4fc864ca025610621903f30e97486dbd43.tar.gz nextcloud-server-c8fe4b4fc864ca025610621903f30e97486dbd43.zip | |
Add workerSrc to CSP
Fixes #11035
Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/Security/CSP/ContentSecurityPolicy.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/private/Security/CSP/ContentSecurityPolicy.php b/lib/private/Security/CSP/ContentSecurityPolicy.php index 77e20dedf44..de62b5ee76a 100644 --- a/lib/private/Security/CSP/ContentSecurityPolicy.php +++ b/lib/private/Security/CSP/ContentSecurityPolicy.php @@ -213,4 +213,12 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy $this->allowedFrameAncestors = $allowedFrameAncestors; } + public function getAllowedWorkerSrcDomains(): array { + return $this->allowedWorkerSrcDomains; + } + + public function setAllowedWorkerSrcDomains(array $allowedWorkerSrcDomains) { + $this->allowedWorkerSrcDomains = $allowedWorkerSrcDomains; + } + } |