authorLukas Reschke <lukas@owncloud.com>2015-05-20 11:44:37 +0200
committerLukas Reschke <lukas@owncloud.com>2015-05-20 11:44:37 +0200
commita62190a72dc712cfc4f5a83e9c0bfbb0d761a8b6 (patch)
treeeca89ce20cffd50f8c5e9f4ff197824ce6cca66c /lib/public
parent9be6d8cd39f2f6eed83de79280995606dbe5d3fa (diff)
downloadnextcloud-server-a62190a72dc712cfc4f5a83e9c0bfbb0d761a8b6.tar.gz
nextcloud-server-a62190a72dc712cfc4f5a83e9c0bfbb0d761a8b6.zip
Add support for disallowing domains to the ContentSecurityPolicy
For enhanced security, it is important that there is also a way to disallow domains, including the default ones. With this commit, every method gets a corresponding new "disallow" function.
Diffstat (limited to 'lib/public')
-rw-r--r--lib/public/appframework/http/contentsecuritypolicy.php112
1 files changed, 110 insertions, 2 deletions
diff --git a/lib/public/appframework/http/contentsecuritypolicy.php b/lib/public/appframework/http/contentsecuritypolicy.php
index be4b6e60f97..9c7218dc8ba 100644
--- a/lib/public/appframework/http/contentsecuritypolicy.php
+++ b/lib/public/appframework/http/contentsecuritypolicy.php
@@ -101,7 +101,7 @@ class ContentSecurityPolicy {
* @since 8.1.0
*/
public function allowEvalScript($state = true) {
- $this->evalScriptAllowed= $state;
+ $this->evalScriptAllowed = $state;
return $this;
}
@@ -118,6 +118,18 @@ class ContentSecurityPolicy {
}
/**
+ * Remove the specified allowed script domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowScriptDomain($domain) {
+ $this->allowedScriptDomains = array_diff($this->allowedScriptDomains, [$domain]);
+ return $this;
+ }
+
+ /**
* Whether inline CSS snippets are allowed or forbidden
* @param bool $state
* @return $this
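Review bot: The docblock on `disallowScriptDomain()` does not say that removal is an exact string match through `array_diff()`, so a value that matches no entry exactly is a silent no-op and the policy stays as permissive as before. That covers a default entry spelled differently from how it is stored, and a domain that is only covered by a wildcard such as the `*` the neighbouring allow-method docs mention. I would add to the docblock something like `Only an entry identical to $domain is removed; wildcard entries covering it stay in place, and a later allow call for the same value adds it again.` The same applies to the style, font, image, connect, media, object, frame and child-src disallow methods added in the later hunks. `array_diff()` also preserves keys, so the lists may stop being sequentially indexed; that is presumably harmless if the policy builder only joins the values, but that code is outside this diff.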
@@ -141,6 +153,18 @@ class ContentSecurityPolicy {
}
/**
+ * Remove the specified allowed style domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowStyleDomain($domain) {
+ $this->allowedStyleDomains = array_diff($this->allowedStyleDomains, [$domain]);
+ return $this;
+ }
+
+ /**
* Allows using fonts from a specific domain. Use * to allow
* fonts from all domains.
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
@@ -153,6 +177,18 @@ class ContentSecurityPolicy {
}
/**
+ * Remove the specified allowed font domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowFontDomain($domain) {
+ $this->allowedFontDomains = array_diff($this->allowedFontDomains, [$domain]);
+ return $this;
+ }
+
+ /**
* Allows embedding images from a specific domain. Use * to allow
* images from all domains.
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
@@ -165,6 +201,18 @@ class ContentSecurityPolicy {
}
/**
+ * Remove the specified allowed image domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowImageDomain($domain) {
+ $this->allowedImageDomains = array_diff($this->allowedImageDomains, [$domain]);
+ return $this;
+ }
+
+ /**
* To which remote domains the JS connect to.
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
@@ -176,7 +224,19 @@ class ContentSecurityPolicy {
}
/**
- * From whoch domains media elements can be embedded.
+ * Remove the specified allowed connect domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowConnectDomain($domain) {
+ $this->allowedConnectDomains = array_diff($this->allowedConnectDomains, [$domain]);
+ return $this;
+ }
+
+ /**
+ * From which domains media elements can be embedded.
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
* @since 8.1.0
@@ -187,6 +247,18 @@ class ContentSecurityPolicy {
}
/**
+ * Remove the specified allowed media domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowMediaDomain($domain) {
+ $this->allowedMediaDomains = array_diff($this->allowedMediaDomains, [$domain]);
+ return $this;
+ }
+
+ /**
* From which domains objects such as <object>, <embed> or <applet> are executed
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
@@ -198,6 +270,18 @@ class ContentSecurityPolicy {
}
/**
+ * Remove the specified allowed object domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowObjectDomain($domain) {
+ $this->allowedObjectDomains = array_diff($this->allowedObjectDomains, [$domain]);
+ return $this;
+ }
+
+ /**
* Which domains can be embedded in an iframe
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
@@ -209,6 +293,18 @@ class ContentSecurityPolicy {
}
/**
+ * Remove the specified allowed frame domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowFrameDomain($domain) {
+ $this->allowedFrameDomains = array_diff($this->allowedFrameDomains, [$domain]);
+ return $this;
+ }
+
+ /**
* Domains from which web-workers and nested browsing content can load elements
* @param string $domain Domain to whitelist. Any passed value needs to be properly sanitized.
* @return $this
@@ -220,6 +316,18 @@ class ContentSecurityPolicy {
}
/**
+ * Remove the specified allowed child src domain from the allowed domains.
+ *
+ * @param string $domain
+ * @return $this
+ * @since 8.1.0
+ */
+ public function disallowChildSrcDomain($domain) {
+ $this->allowedChildSrcDomains = array_diff($this->allowedChildSrcDomains, [$domain]);
+ return $this;
+ }
+
+ /**
* Get the generated Content-Security-Policy as a string
* @return string
* @since 8.1.0