summaryrefslogtreecommitdiffstats
path: root/lib/public/AppFramework/Http
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2019-04-03 18:42:34 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2019-04-16 14:09:39 +0200
commit7276735eb423ed126333923bb921d9d4bef16f07 (patch)
tree4131f2b8665f2e5066eb84d9ef39691709accc42 /lib/public/AppFramework/Http
parent4e88cd3aae0b1c8e662197dd10e2e65ffe8cf489 (diff)
downloadnextcloud-server-7276735eb423ed126333923bb921d9d4bef16f07.tar.gz
nextcloud-server-7276735eb423ed126333923bb921d9d4bef16f07.zip
Set empty CSP by default
For #14179 By default responses should have the strictest (and simplest) CSP possible. Only template responses should require an actual CSP. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/public/AppFramework/Http')
-rw-r--r--lib/public/AppFramework/Http/DataDisplayResponse.php2
-rw-r--r--lib/public/AppFramework/Http/DataResponse.php2
-rw-r--r--lib/public/AppFramework/Http/DownloadResponse.php4
-rw-r--r--lib/public/AppFramework/Http/FileDisplayResponse.php2
-rw-r--r--lib/public/AppFramework/Http/JSONResponse.php2
-rw-r--r--lib/public/AppFramework/Http/NotFoundResponse.php2
-rw-r--r--lib/public/AppFramework/Http/OCSResponse.php2
-rw-r--r--lib/public/AppFramework/Http/RedirectResponse.php2
-rw-r--r--lib/public/AppFramework/Http/Response.php9
-rw-r--r--lib/public/AppFramework/Http/StreamResponse.php2
-rw-r--r--lib/public/AppFramework/Http/TemplateResponse.php4
-rw-r--r--lib/public/AppFramework/Http/ZipResponse.php2
12 files changed, 34 insertions, 1 deletions
diff --git a/lib/public/AppFramework/Http/DataDisplayResponse.php b/lib/public/AppFramework/Http/DataDisplayResponse.php
index 4932b9db668..3ab64c470e5 100644
--- a/lib/public/AppFramework/Http/DataDisplayResponse.php
+++ b/lib/public/AppFramework/Http/DataDisplayResponse.php
@@ -49,6 +49,8 @@ class DataDisplayResponse extends Response {
*/
public function __construct($data='', $statusCode=Http::STATUS_OK,
$headers=[]) {
+ parent::__construct();
+
$this->data = $data;
$this->setStatus($statusCode);
$this->setHeaders(array_merge($this->getHeaders(), $headers));
diff --git a/lib/public/AppFramework/Http/DataResponse.php b/lib/public/AppFramework/Http/DataResponse.php
index 17e68134438..9c7a386f7cd 100644
--- a/lib/public/AppFramework/Http/DataResponse.php
+++ b/lib/public/AppFramework/Http/DataResponse.php
@@ -52,6 +52,8 @@ class DataResponse extends Response {
*/
public function __construct($data=array(), $statusCode=Http::STATUS_OK,
array $headers=array()) {
+ parent::__construct();
+
$this->data = $data;
$this->setStatus($statusCode);
$this->setHeaders(array_merge($this->getHeaders(), $headers));
diff --git a/lib/public/AppFramework/Http/DownloadResponse.php b/lib/public/AppFramework/Http/DownloadResponse.php
index 46f318d9b82..774a6287cb2 100644
--- a/lib/public/AppFramework/Http/DownloadResponse.php
+++ b/lib/public/AppFramework/Http/DownloadResponse.php
@@ -30,7 +30,7 @@ namespace OCP\AppFramework\Http;
* Prompts the user to download the a file
* @since 7.0.0
*/
-class DownloadResponse extends \OCP\AppFramework\Http\Response {
+class DownloadResponse extends Response {
private $filename;
private $contentType;
@@ -42,6 +42,8 @@ class DownloadResponse extends \OCP\AppFramework\Http\Response {
* @since 7.0.0
*/
public function __construct($filename, $contentType) {
+ parent::__construct();
+
$this->filename = $filename;
$this->contentType = $contentType;
diff --git a/lib/public/AppFramework/Http/FileDisplayResponse.php b/lib/public/AppFramework/Http/FileDisplayResponse.php
index ab23701f893..2d2dd29e6a1 100644
--- a/lib/public/AppFramework/Http/FileDisplayResponse.php
+++ b/lib/public/AppFramework/Http/FileDisplayResponse.php
@@ -45,6 +45,8 @@ class FileDisplayResponse extends Response implements ICallbackResponse {
*/
public function __construct($file, $statusCode=Http::STATUS_OK,
$headers=[]) {
+ parent::__construct();
+
$this->file = $file;
$this->setStatus($statusCode);
$this->setHeaders(array_merge($this->getHeaders(), $headers));
diff --git a/lib/public/AppFramework/Http/JSONResponse.php b/lib/public/AppFramework/Http/JSONResponse.php
index 1b8b676e601..b80434079ba 100644
--- a/lib/public/AppFramework/Http/JSONResponse.php
+++ b/lib/public/AppFramework/Http/JSONResponse.php
@@ -53,6 +53,8 @@ class JSONResponse extends Response {
* @since 6.0.0
*/
public function __construct($data=array(), $statusCode=Http::STATUS_OK) {
+ parent::__construct();
+
$this->data = $data;
$this->setStatus($statusCode);
$this->addHeader('Content-Type', 'application/json; charset=utf-8');
diff --git a/lib/public/AppFramework/Http/NotFoundResponse.php b/lib/public/AppFramework/Http/NotFoundResponse.php
index 7f068a4c413..6d764ec526e 100644
--- a/lib/public/AppFramework/Http/NotFoundResponse.php
+++ b/lib/public/AppFramework/Http/NotFoundResponse.php
@@ -35,6 +35,8 @@ class NotFoundResponse extends Response {
* @since 8.1.0
*/
public function __construct() {
+ parent::__construct();
+
$this->setStatus(404);
}
diff --git a/lib/public/AppFramework/Http/OCSResponse.php b/lib/public/AppFramework/Http/OCSResponse.php
index 3480aa172ff..5f56913a45a 100644
--- a/lib/public/AppFramework/Http/OCSResponse.php
+++ b/lib/public/AppFramework/Http/OCSResponse.php
@@ -59,6 +59,8 @@ class OCSResponse extends Response {
public function __construct($format, $statuscode, $message,
$data=[], $itemscount='',
$itemsperpage='') {
+ parent::__construct();
+
$this->format = $format;
$this->statuscode = $statuscode;
$this->message = $message;
diff --git a/lib/public/AppFramework/Http/RedirectResponse.php b/lib/public/AppFramework/Http/RedirectResponse.php
index 0ce3a64cb38..dc44bbe999c 100644
--- a/lib/public/AppFramework/Http/RedirectResponse.php
+++ b/lib/public/AppFramework/Http/RedirectResponse.php
@@ -43,6 +43,8 @@ class RedirectResponse extends Response {
* @since 7.0.0
*/
public function __construct($redirectURL) {
+ parent::__construct();
+
$this->redirectURL = $redirectURL;
$this->setStatus(Http::STATUS_SEE_OTHER);
$this->addHeader('Location', $redirectURL);
diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php
index a6f5afd3c18..98c0a7f5f70 100644
--- a/lib/public/AppFramework/Http/Response.php
+++ b/lib/public/AppFramework/Http/Response.php
@@ -90,6 +90,15 @@ class Response {
private $throttleMetadata = [];
/**
+ * Response constructor.
+ *
+ * @since 17.0.0
+ */
+ public function __construct() {
+ $this->setContentSecurityPolicy(new EmptyContentSecurityPolicy());
+ }
+
+ /**
* Caches the response
* @param int $cacheSeconds the amount of seconds that should be cached
* if 0 then caching will be disabled
diff --git a/lib/public/AppFramework/Http/StreamResponse.php b/lib/public/AppFramework/Http/StreamResponse.php
index 8ffc94dc8f1..d8a183bba50 100644
--- a/lib/public/AppFramework/Http/StreamResponse.php
+++ b/lib/public/AppFramework/Http/StreamResponse.php
@@ -42,6 +42,8 @@ class StreamResponse extends Response implements ICallbackResponse {
* @since 8.1.0
*/
public function __construct ($filePath) {
+ parent::__construct();
+
$this->filePath = $filePath;
}
diff --git a/lib/public/AppFramework/Http/TemplateResponse.php b/lib/public/AppFramework/Http/TemplateResponse.php
index f6436038cc3..334928cc03c 100644
--- a/lib/public/AppFramework/Http/TemplateResponse.php
+++ b/lib/public/AppFramework/Http/TemplateResponse.php
@@ -75,10 +75,14 @@ class TemplateResponse extends Response {
*/
public function __construct($appName, $templateName, array $params=array(),
$renderAs='user') {
+ parent::__construct();
+
$this->templateName = $templateName;
$this->appName = $appName;
$this->params = $params;
$this->renderAs = $renderAs;
+
+ $this->setContentSecurityPolicy(new ContentSecurityPolicy());
}
diff --git a/lib/public/AppFramework/Http/ZipResponse.php b/lib/public/AppFramework/Http/ZipResponse.php
index 630efb38c7d..bec0812ab0c 100644
--- a/lib/public/AppFramework/Http/ZipResponse.php
+++ b/lib/public/AppFramework/Http/ZipResponse.php
@@ -44,6 +44,8 @@ class ZipResponse extends Response implements ICallbackResponse {
* @since 15.0.0
*/
public function __construct(IRequest $request, string $name = 'output') {
+ parent::__construct();
+
$this->name = $name;
$this->request = $request;
}