authorFerdinand Thiessen <opensource@fthiessen.de>2024-03-22 16:03:29 +0100
committerFerdinand Thiessen <opensource@fthiessen.de>2024-03-26 17:08:22 +0100
commit5a513c924fbb82cfdf360c9837ba88a73e5a66a4 (patch)
tree97fb58677121d21d4f0d93f84ec948b10ba3963b /lib
parent4121b841de5cdeb204c166f8f23f1621c00a9102 (diff)
fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blocklist
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php13
1 files changed, 5 insertions, 8 deletions
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 6dbf86e5c88..827ceda7f93 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -65,17 +65,14 @@ class ContentSecurityPolicyNonceManager {
* Check if the browser supports CSP v3
*/
public function browserSupportsCspV3(): bool {
- $browserWhitelist = [
- Request::USER_AGENT_CHROME,
- Request::USER_AGENT_FIREFOX,
- Request::USER_AGENT_SAFARI,
- Request::USER_AGENT_MS_EDGE,
+ $browserBlocklist = [
+ Request::USER_AGENT_IE,
];
- if ($this->request->isUserAgent($browserWhitelist)) {
- return true;
+ if ($this->request->isUserAgent($browserBlocklist)) {
+ return false;
}
- return false;
+ return true;
}
}
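Review bot: The docblock kept as context above `browserSupportsCspV3()` still reads "Check if the browser supports CSP v3", but with the blocklist the method returns `true` for every request whose User-Agent does not match `Request::USER_AGENT_IE`, including a missing or arbitrary header and older browsers that were not on the previous allowlist. I would reword it to something like `* Assume CSP v3 (nonce) support unless the user agent is on the blocklist (currently only IE); heuristic based on the client-supplied User-Agent header`, so callers do not read the result as a verified capability. The callers and the `USER_AGENT_IE` pattern are outside this hunk, so it is worth confirming there that a client which ignores nonces ends up with scripts blocked rather than with a more permissive policy. A unit test covering an empty User-Agent and an IE User-Agent would pin the new default.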