Add CSP policy merge priority for booleans

When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
author: Vincent Petry <vincent@nextcloud.com> 2022-04-01 13:56:15 +0200
committer: Vincent Petry <vincent@nextcloud.com> 2022-04-01 13:56:34 +0200
commit: 18c013d8fc0d95249136799c5c0e67994766d953 (patch)
tree: fca9753e8cad77ee192b6477edcf3222e4c62c98 /lib/public/AppFramework
parent: 800fae0133f2e7321c0df3c9633138bcd8ac15b7 (diff)
download: nextcloud-server-18c013d8fc0d95249136799c5c0e67994766d953.tar.gz
nextcloud-server-18c013d8fc0d95249136799c5c0e67994766d953.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
index 3a91e3dc2a7..0e3a6a705d5 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -45,7 +45,7 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
 	/** @var bool Whether eval in JS scripts is allowed */
 	protected $evalScriptAllowed = false;
 	/** @var bool Whether strict-dynamic should be set */
-	protected $strictDynamicAllowed = null;
+	protected $strictDynamicAllowed = false;
 	/** @var array Domains from which scripts can get loaded */
 	protected $allowedScriptDomains = [
 		'\'self\'',
author	Vincent Petry <vincent@nextcloud.com>	2022-04-01 13:56:15 +0200
committer	Vincent Petry <vincent@nextcloud.com>	2022-04-01 13:56:34 +0200
commit	18c013d8fc0d95249136799c5c0e67994766d953 (patch)
tree	fca9753e8cad77ee192b6477edcf3222e4c62c98 /lib/public/AppFramework
parent	800fae0133f2e7321c0df3c9633138bcd8ac15b7 (diff)
download	nextcloud-server-18c013d8fc0d95249136799c5c0e67994766d953.tar.gz nextcloud-server-18c013d8fc0d95249136799c5c0e67994766d953.zip