author | Simon L <szaimen@e.mail.de> | 2023-06-12 14:20:11 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-12 14:20:11 +0200 |
commit | 63bf207ca7a18dd50ce3aeaea42e53f4ee400fc0 (patch) | |
tree | 5c1eca4967217723afb43485d9bf0e04139ed377 /lib | |
parent | 83faba5e613b4ac8d7fce091e5b545a7a30b1640 (diff) | |
parent | 08a3f3769581dc148c8f86c6fa0997905a6b3a10 (diff) | |
download | nextcloud-server-63bf207ca7a18dd50ce3aeaea42e53f4ee400fc0.tar.gz nextcloud-server-63bf207ca7a18dd50ce3aeaea42e53f4ee400fc0.zip |
Merge pull request #38642 from nextcloud/chore/appframework/drop-emptycontentsecuritypolicy-allowinlinescript
chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript
Diffstat (limited to 'lib')
-rw-r--r-- | lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 19 |
1 files changed, 1 insertions, 18 deletions
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 98a42aeabb5..035b4f01f60 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -37,8 +37,6 @@ namespace OCP\AppFramework\Http;
 * @since 9.0.0
 */
 class EmptyContentSecurityPolicy {
- /** @var bool Whether inline JS snippets are allowed */
- protected $inlineScriptAllowed = null;
 /** @var string Whether JS nonces should be used */
 protected $useJsNonce = null;
 /** @var bool Whether strict-dynamic should be used */
@@ -84,18 +82,6 @@ class EmptyContentSecurityPolicy {
 protected $reportTo = null;
 /**
- * Whether inline JavaScript snippets are allowed or forbidden
- * @param bool $state
- * @return $this
- * @since 8.1.0
- * @deprecated 10.0 CSP tokens are now used
- */
- public function allowInlineScript($state = false) {
- $this->inlineScriptAllowed = $state;
- return $this;
- }
-
- /**
 * @param bool $state
 * @return EmptyContentSecurityPolicy
 * @since 24.0.0
@@ -447,7 +433,7 @@ class EmptyContentSecurityPolicy {
 $policy .= "base-uri 'none';";
 $policy .= "manifest-src 'self';";
- if (!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
+ if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed) {
 $policy .= 'script-src ';
 if (is_string($this->useJsNonce)) {
 if ($this->strictDynamicAllowed) {
@@ -464,9 +450,6 @@ class EmptyContentSecurityPolicy {
 if (is_array($this->allowedScriptDomains)) {
 $policy .= implode(' ', $this->allowedScriptDomains);
 }
- if ($this->inlineScriptAllowed) {
- $policy .= ' \'unsafe-inline\'';
- }
 if ($this->evalScriptAllowed) {
 $policy .= ' \'unsafe-eval\'';
 }
|
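Review bot: In the `@@ -447,7 +433,7 @@` hunk the new guard `if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed)` still ignores `$this->useJsNonce`, even though the nonce branch sits inside this block, so a policy that sets only a nonce would apparently emit no `script-src` directive at all. That fails closed (scripts presumably fall back to whatever restrictive default the policy emits elsewhere), so it is a functional gap rather than a weakening. Now that `'unsafe-inline'` can no longer be requested, the nonce is the remaining way to permit inline scripts and should open the block on its own: `if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || is_string($this->useJsNonce)) {`. The enclosing method starts and ends outside the hunk, so confirm that nothing later in it relies on the current guard. Separately, if a subclass outside this diff still declares or sets `$inlineScriptAllowed`, that value is now silently ignored; that is the safe direction, but leftover references should be removed so they do not suggest the flag still has an effect.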