Merge pull request #16766 from nextcloud/fix/frame-src/no-nonce

frame-src doesn't respect the nonce attribute
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2019-08-19 09:22:31 +0200
committer: GitHub <noreply@github.com> 2019-08-19 09:22:31 +0200
commit: e6c225a3f3e39bdb0bb7f1d42c9595f1a3a403c0 (patch)
tree: b4fc4169f7285e0db50280e0faca4b6869cb16d0 /lib
parent: 8514a2a436b57955a65cb9f6e7cf1b9e98721c38 (diff)
parent: c4cafae884edd5d391c7df6cb995d642496dbfd5 (diff)
download: nextcloud-server-e6c225a3f3e39bdb0bb7f1d42c9595f1a3a403c0.tar.gz
nextcloud-server-e6c225a3f3e39bdb0bb7f1d42c9595f1a3a403c0.zip
1 files changed, 0 insertions, 3 deletions
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index de892aacf26..b3f341ab054 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -494,9 +494,6 @@ class EmptyContentSecurityPolicy {
 
 		if(!empty($this->allowedFrameDomains)) {
 			$policy .= 'frame-src ';
-			if(is_string($this->useJsNonce)) {
-				$policy .= '\'nonce-' . base64_encode($this->useJsNonce) . '\' ';
-			}
 			$policy .= implode(' ', $this->allowedFrameDomains);
 			$policy .= ';';
 		}
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2019-08-19 09:22:31 +0200
committer	GitHub <noreply@github.com>	2019-08-19 09:22:31 +0200
commit	e6c225a3f3e39bdb0bb7f1d42c9595f1a3a403c0 (patch)
tree	b4fc4169f7285e0db50280e0faca4b6869cb16d0 /lib
parent	8514a2a436b57955a65cb9f6e7cf1b9e98721c38 (diff)
parent	c4cafae884edd5d391c7df6cb995d642496dbfd5 (diff)
download	nextcloud-server-e6c225a3f3e39bdb0bb7f1d42c9595f1a3a403c0.tar.gz nextcloud-server-e6c225a3f3e39bdb0bb7f1d42c9595f1a3a403c0.zip