author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-04-03 18:42:34 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-04-16 14:09:39 +0200 |
commit | 7276735eb423ed126333923bb921d9d4bef16f07 (patch) | |
tree | 4131f2b8665f2e5066eb84d9ef39691709accc42 /lib/public | |
parent | 4e88cd3aae0b1c8e662197dd10e2e65ffe8cf489 (diff) | |
Set empty CSP by default
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/public')
-rw-r--r-- | lib/public/AppFramework/Http/DataDisplayResponse.php | 2 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/DataResponse.php | 2 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/DownloadResponse.php | 4 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/FileDisplayResponse.php | 2 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/JSONResponse.php | 2 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/NotFoundResponse.php | 2 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/OCSResponse.php | 2 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/RedirectResponse.php | 2 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/Response.php | 9 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/StreamResponse.php | 2 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/TemplateResponse.php | 4 | ||||
-rw-r--r-- | lib/public/AppFramework/Http/ZipResponse.php | 2 |
12 files changed, 34 insertions, 1 deletions
diff --git a/lib/public/AppFramework/Http/DataDisplayResponse.php b/lib/public/AppFramework/Http/DataDisplayResponse.php index 4932b9db668..3ab64c470e5 100644 --- a/lib/public/AppFramework/Http/DataDisplayResponse.php +++ b/lib/public/AppFramework/Http/DataDisplayResponse.php @@ -49,6 +49,8 @@ class DataDisplayResponse extends Response { */ public function __construct($data='', $statusCode=Http::STATUS_OK, $headers=[]) { + parent::__construct(); + $this->data = $data; $this->setStatus($statusCode); $this->setHeaders(array_merge($this->getHeaders(), $headers)); diff --git a/lib/public/AppFramework/Http/DataResponse.php b/lib/public/AppFramework/Http/DataResponse.php index 17e68134438..9c7a386f7cd 100644 --- a/lib/public/AppFramework/Http/DataResponse.php +++ b/lib/public/AppFramework/Http/DataResponse.php @@ -52,6 +52,8 @@ class DataResponse extends Response { */ public function __construct($data=array(), $statusCode=Http::STATUS_OK, array $headers=array()) { + parent::__construct(); + $this->data = $data; $this->setStatus($statusCode); $this->setHeaders(array_merge($this->getHeaders(), $headers)); diff --git a/lib/public/AppFramework/Http/DownloadResponse.php b/lib/public/AppFramework/Http/DownloadResponse.php index 46f318d9b82..774a6287cb2 100644 --- a/lib/public/AppFramework/Http/DownloadResponse.php +++ b/lib/public/AppFramework/Http/DownloadResponse.php @@ -30,7 +30,7 @@ namespace OCP\AppFramework\Http; * Prompts the user to download the a file * @since 7.0.0 */ -class DownloadResponse extends \OCP\AppFramework\Http\Response { +class DownloadResponse extends Response { private $filename; private $contentType; @@ -42,6 +42,8 @@ class DownloadResponse extends \OCP\AppFramework\Http\Response { * @since 7.0.0 */ public function __construct($filename, $contentType) { + parent::__construct(); + $this->filename = $filename; $this->contentType = $contentType; 
diff --git a/lib/public/AppFramework/Http/FileDisplayResponse.php b/lib/public/AppFramework/Http/FileDisplayResponse.php index ab23701f893..2d2dd29e6a1 100644 --- a/lib/public/AppFramework/Http/FileDisplayResponse.php +++ b/lib/public/AppFramework/Http/FileDisplayResponse.php @@ -45,6 +45,8 @@ class FileDisplayResponse extends Response implements ICallbackResponse { */ public function __construct($file, $statusCode=Http::STATUS_OK, $headers=[]) { + parent::__construct(); + $this->file = $file; $this->setStatus($statusCode); $this->setHeaders(array_merge($this->getHeaders(), $headers)); diff --git a/lib/public/AppFramework/Http/JSONResponse.php b/lib/public/AppFramework/Http/JSONResponse.php index 1b8b676e601..b80434079ba 100644 --- a/lib/public/AppFramework/Http/JSONResponse.php +++ b/lib/public/AppFramework/Http/JSONResponse.php @@ -53,6 +53,8 @@ class JSONResponse extends Response { * @since 6.0.0 */ public function __construct($data=array(), $statusCode=Http::STATUS_OK) { + parent::__construct(); + $this->data = $data; $this->setStatus($statusCode); $this->addHeader('Content-Type', 'application/json; charset=utf-8'); diff --git a/lib/public/AppFramework/Http/NotFoundResponse.php b/lib/public/AppFramework/Http/NotFoundResponse.php index 7f068a4c413..6d764ec526e 100644 --- a/lib/public/AppFramework/Http/NotFoundResponse.php +++ b/lib/public/AppFramework/Http/NotFoundResponse.php @@ -35,6 +35,8 @@ class NotFoundResponse extends Response { * @since 8.1.0 */ public function __construct() { + parent::__construct(); + $this->setStatus(404); } diff --git a/lib/public/AppFramework/Http/OCSResponse.php b/lib/public/AppFramework/Http/OCSResponse.php index 3480aa172ff..5f56913a45a 100644 --- a/lib/public/AppFramework/Http/OCSResponse.php +++ b/lib/public/AppFramework/Http/OCSResponse.php 
@@ -59,6 +59,8 @@ class OCSResponse extends Response { public function __construct($format, $statuscode, $message, $data=[], $itemscount='', $itemsperpage='') { + parent::__construct(); + $this->format = $format; $this->statuscode = $statuscode; $this->message = $message; diff --git a/lib/public/AppFramework/Http/RedirectResponse.php b/lib/public/AppFramework/Http/RedirectResponse.php index 0ce3a64cb38..dc44bbe999c 100644 --- a/lib/public/AppFramework/Http/RedirectResponse.php +++ b/lib/public/AppFramework/Http/RedirectResponse.php @@ -43,6 +43,8 @@ class RedirectResponse extends Response { * @since 7.0.0 */ public function __construct($redirectURL) { + parent::__construct(); + $this->redirectURL = $redirectURL; $this->setStatus(Http::STATUS_SEE_OTHER); $this->addHeader('Location', $redirectURL); diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php index a6f5afd3c18..98c0a7f5f70 100644 --- a/lib/public/AppFramework/Http/Response.php +++ b/lib/public/AppFramework/Http/Response.php @@ -90,6 +90,15 @@ class Response { private $throttleMetadata = []; /** + * Response constructor. + * + * @since 17.0.0 + */ + public function __construct() { + $this->setContentSecurityPolicy(new EmptyContentSecurityPolicy()); + } + + /** * Caches the response * @param int $cacheSeconds the amount of seconds that should be cached * if 0 then caching will be disabled diff --git a/lib/public/AppFramework/Http/StreamResponse.php b/lib/public/AppFramework/Http/StreamResponse.php index 8ffc94dc8f1..d8a183bba50 100644 --- a/lib/public/AppFramework/Http/StreamResponse.php +++ b/lib/public/AppFramework/Http/StreamResponse.php @@ -42,6 +42,8 @@ class StreamResponse extends Response implements ICallbackResponse { * @since 8.1.0 */ public function __construct ($filePath) { + parent::__construct(); + $this->filePath = $filePath; } 
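Review bot: In the Response.php hunk the empty policy is applied only when a constructor chains to `parent::__construct()`, so a Response subclass that defines its own constructor and is not updated in this commit (third-party app responses included) never receives the strict default. Resolving the default where the policy is read would not depend on constructor chaining, for example `return $this->contentSecurityPolicy ?? new EmptyContentSecurityPolicy();` in the getter; the property and getter are outside the hunk, so the names are assumed. The new docblock says only "Response constructor." and should state the default, e.g. `Sets the empty Content-Security-Policy by default; use setContentSecurityPolicy() to replace it.`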
diff --git a/lib/public/AppFramework/Http/TemplateResponse.php b/lib/public/AppFramework/Http/TemplateResponse.php index f6436038cc3..334928cc03c 100644 --- a/lib/public/AppFramework/Http/TemplateResponse.php +++ b/lib/public/AppFramework/Http/TemplateResponse.php @@ -75,10 +75,14 @@ class TemplateResponse extends Response { */ public function __construct($appName, $templateName, array $params=array(), $renderAs='user') { + parent::__construct(); + $this->templateName = $templateName; $this->appName = $appName; $this->params = $params; $this->renderAs = $renderAs; + + $this->setContentSecurityPolicy(new ContentSecurityPolicy()); } diff --git a/lib/public/AppFramework/Http/ZipResponse.php b/lib/public/AppFramework/Http/ZipResponse.php index 630efb38c7d..bec0812ab0c 100644 --- a/lib/public/AppFramework/Http/ZipResponse.php +++ b/lib/public/AppFramework/Http/ZipResponse.php @@ -44,6 +44,8 @@ class ZipResponse extends Response implements ICallbackResponse { * @since 15.0.0 */ public function __construct(IRequest $request, string $name = 'output') { + parent::__construct(); + $this->name = $name; $this->request = $request; } |
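Review bot: In the TemplateResponse hunk the closing `setContentSecurityPolicy(new ContentSecurityPolicy())` replaces the empty policy that `parent::__construct()` installed a few lines earlier, and nothing in the code says why the order matters. A one-line comment above it would keep a later cleanup from dropping the call or moving it ahead of the parent call: `// Templates need the regular policy; the base Response defaults to the empty one.` The constructor's docblock starts outside the hunk; it would be the place to note that every TemplateResponse starts with the non-empty policy.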