author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-03-22 16:03:29 +0100 |
---|---|---|
committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-03-26 17:08:22 +0100 |
commit | 5a513c924fbb82cfdf360c9837ba88a73e5a66a4 (patch) | |
tree | 97fb58677121d21d4f0d93f84ec948b10ba3963b /lib | |
parent | 4121b841de5cdeb204c166f8f23f1621c00a9102 (diff) | |
fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blocklist
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 6dbf86e5c88..827ceda7f93 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -65,17 +65,14 @@ class ContentSecurityPolicyNonceManager {
 * Check if the browser supports CSP v3
 */
 public function browserSupportsCspV3(): bool {
- $browserWhitelist = [
- Request::USER_AGENT_CHROME,
- Request::USER_AGENT_FIREFOX,
- Request::USER_AGENT_SAFARI,
- Request::USER_AGENT_MS_EDGE,
+ $browserBlocklist = [
+ Request::USER_AGENT_IE,
 ];
- if ($this->request->isUserAgent($browserWhitelist)) {
- return true;
+ if ($this->request->isUserAgent($browserBlocklist)) {
+ return false;
 }
- return false;
+ return true;
 }
 } |
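Review bot: The docblock above `browserSupportsCspV3()` still reads "Check if the browser supports CSP v3", but the new body no longer checks for support: it returns true for every request whose User-Agent does not match `Request::USER_AGENT_IE`. That presumably includes a missing or unrecognised header, which is worth confirming against `isUserAgent()`. Since callers will now treat unknown clients as nonce-capable and the header is client-supplied, I would state the default in the comment, for example `Returns false only for blocklisted user agents (currently IE); any other client is assumed to support CSP v3 nonces.` The opening of the docblock and the rest of the class lie outside this hunk, so how callers use the result is not visible here.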