diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-03 15:28:37 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-10-14 20:45:34 +0200 |
| commit | 5b61ef9213df0ff67ebd5b9c88a8e1562f367351 (patch) | |
| tree | 19543e649aec57ce289ea47fb3cd8d3121fc6557 /tests/lib/Security | |
| parent | 0fca815b4dd601381a909656a1e3e7a7e89714d2 (diff) | |
| download | nextcloud-server-5b61ef9213df0ff67ebd5b9c88a8e1562f367351.tar.gz nextcloud-server-5b61ef9213df0ff67ebd5b9c88a8e1562f367351.zip | |
Disallow unsafe-eval by default
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'tests/lib/Security')
| -rw-r--r-- | tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php index 25c92571441..2a82e9c4878 100644 --- a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php +++ b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php @@ -47,6 +47,7 @@ class ContentSecurityPolicyManagerTest extends \Test\TestCase { $policy->addAllowedFontDomain('example.com'); $policy->addAllowedImageDomain('example.org'); $policy->allowInlineScript(true); + $policy->allowEvalScript(true); $this->contentSecurityPolicyManager->addDefaultPolicy($policy); $policy = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy(); $policy->addAllowedChildSrcDomain('childdomain'); @@ -55,6 +56,7 @@ class ContentSecurityPolicyManagerTest extends \Test\TestCase { $expected = new \OC\Security\CSP\ContentSecurityPolicy(); $expected->allowInlineScript(true); + $expected->allowEvalScript(true); $expected->addAllowedFontDomain('mydomain.com'); $expected->addAllowedFontDomain('example.com'); $expected->addAllowedFontDomain('anotherFontDomain'); |