summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorVincent Petry <vincent@nextcloud.com>2022-04-01 13:56:15 +0200
committerVincent Petry <vincent@nextcloud.com>2022-04-01 13:56:34 +0200
commit18c013d8fc0d95249136799c5c0e67994766d953 (patch)
treefca9753e8cad77ee192b6477edcf3222e4c62c98 /tests
parent800fae0133f2e7321c0df3c9633138bcd8ac15b7 (diff)
downloadnextcloud-server-18c013d8fc0d95249136799c5c0e67994766d953.tar.gz
nextcloud-server-18c013d8fc0d95249136799c5c0e67994766d953.zip
Add CSP policy merge priority for booleans
When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php
index e5cf9ea9e1f..082ef46330d 100644
--- a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php
+++ b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php
@@ -87,6 +87,7 @@ class ContentSecurityPolicyManagerTest extends TestCase {
$policy->addAllowedFontDomain('mydomain.com');
$policy->addAllowedImageDomain('anotherdomain.de');
$policy->useStrictDynamic(true);
+ $policy->allowEvalScript(true);
$e->addPolicy($policy);
});
@@ -96,7 +97,7 @@ class ContentSecurityPolicyManagerTest extends TestCase {
$policy->addAllowedFontDomain('example.com');
$policy->addAllowedImageDomain('example.org');
$policy->allowInlineScript(true);
- $policy->allowEvalScript(true);
+ $policy->allowEvalScript(false);
$e->addPolicy($policy);
});