authorJulius Härtl <jus@bitgrid.net>2024-02-23 10:53:12 +0100
committerJulius Härtl <jus@bitgrid.net>2024-03-11 10:08:56 +0100
commit8df5864db7782b908ffbcb1e1ba98644138ea5d9 (patch)
tree53d834cdba28f0154100489b56da91e2862b4747 /lib/public/AppFramework
parent3103a85c18923f5163370cc19d78d482b9a0adde (diff)
fix: Allow nonce in csp header also if no other reasons are given
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'lib/public/AppFramework')
-rw-r--r--lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index aeee4a4ee74..6662a302d7f 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -37,8 +37,8 @@ namespace OCP\AppFramework\Http;
* @since 9.0.0
*/
class EmptyContentSecurityPolicy {
- /** @var string JS nonce to be used */
- protected $jsNonce = null;
+ /** @var ?string JS nonce to be used */
+ protected ?string $jsNonce = null;
/** @var bool Whether strict-dynamic should be used */
protected $strictDynamicAllowed = null;
/** @var bool Whether strict-dynamic should be used on script-src-elem */
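Review bot: The native `?string` type on `$jsNonce` is a compatibility change for a protected property of a public class marked `@since 9.0.0`: PHP requires a subclass that redeclares a typed property to use the identical type, so an extending class with an untyped `protected $jsNonce` would no longer load. Writes of a non-string value are now rejected or coerced depending on the writer's strict_types mode; the setter is outside this hunk, so whether it already declares `string` cannot be confirmed from here. If the typing is intended, the docblock could state the null case explicitly, e.g. `/** @var ?string JS nonce to be used, null until one is set */`.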
@@ -460,7 +460,7 @@ class EmptyContentSecurityPolicy {
$policy .= "base-uri 'none';";
$policy .= "manifest-src 'self';";
- if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || $this->evalWasmAllowed) {
+ if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || $this->evalWasmAllowed || is_string($this->jsNonce)) {
$policy .= 'script-src ';
$scriptSrc = '';
if (is_string($this->jsNonce)) {
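Review bot: With the added `is_string($this->jsNonce)` term, a nonce alone now makes the policy emit `script-src`, so a response that previously carried no script-src directive gets one; the condition deserves a comment saying why, for example `// A nonce on its own must also open script-src, otherwise nonce-carrying scripts have no directive that admits them`. Since the property is now `?string`, `is_string()` is equivalent to `!== null` and an empty string still passes it; whether an empty nonce can reach this point depends on the setter, which is outside the hunk. The same `is_string` test is repeated on the last line of the hunk, so the outer guard and the inner check have to be kept in sync by hand. The body of the `script-src` block continues past the hunk.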