author | Julius Härtl <jus@bitgrid.net> | 2024-03-08 14:51:53 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-08 14:51:53 +0100 |
commit | 9522ef849771392583b51a3f03812a429a666d01 (patch) | |
tree | 82c1ef275ef085fb3132e95d2f9ee5d2de559b02 /lib/public | |
parent | 1c0191aecf453c05f8796eca92aa906cd5235531 (diff) | |
parent | 78ba1b0712a1fd15e408b4e84007d20b6bbe39d6 (diff) | |
Merge pull request #43778 from nextcloud/fix/edge-csp
Fix CSP for script-src with nonce on edge
Diffstat (limited to 'lib/public')
-rw-r--r-- | lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index aeee4a4ee74..6662a302d7f 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -37,8 +37,8 @@ namespace OCP\AppFramework\Http;
 * @since 9.0.0
 */
 class EmptyContentSecurityPolicy {
- /** @var string JS nonce to be used */
- protected $jsNonce = null;
+ /** @var ?string JS nonce to be used */
+ protected ?string $jsNonce = null;
 /** @var bool Whether strict-dynamic should be used */
 protected $strictDynamicAllowed = null;
 /** @var bool Whether strict-dynamic should be used on script-src-elem */
@@ -460,7 +460,7 @@ class EmptyContentSecurityPolicy {
 $policy .= "base-uri 'none';";
 $policy .= "manifest-src 'self';";
- if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || $this->evalWasmAllowed) {
+ if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || $this->evalWasmAllowed || is_string($this->jsNonce)) {
 $policy .= 'script-src ';
 $scriptSrc = '';
 if (is_string($this->jsNonce)) {
|
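Review bot: Giving `$jsNonce` a declared type in a class under `lib/public` is a compatibility point as well as a cleanup: PHP requires a redeclared property to carry the identical type, so any subclass that redeclares `protected $jsNonce` untyped would fail when the class is loaded. Whether such subclasses exist cannot be seen from this hunk, so it is worth a search before release. The neighbouring `$strictDynamicAllowed` keeps `@var bool` with a `null` default; `/** @var ?bool Whether strict-dynamic should be used */` would match what the property actually holds.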
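Review bot: `is_string($this->jsNonce)` in the widened condition is also true for an empty string, so a nonce of `''` alone now causes a `script-src` directive to be emitted. How the nonce is written into the directive lies outside the hunk (the method starts and ends beyond it), so whether that yields a usable source expression cannot be confirmed here; a stricter guard such as `$this->jsNonce !== null && $this->jsNonce !== ''`, or rejecting empty values where the nonce is set, would remove the doubt. The same predicate is evaluated again on the last visible line, so a local `$hasNonce` would keep the two checks from drifting apart. A one-line comment stating why a nonce alone must produce `script-src`, plus a test for a nonce-only policy, would protect this against regression.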