diff options
author | Vincent Petry <vincent@nextcloud.com> | 2022-04-01 13:56:15 +0200 |
---|---|---|
committer | Vincent Petry <vincent@nextcloud.com> | 2022-04-01 13:56:34 +0200 |
commit | 18c013d8fc0d95249136799c5c0e67994766d953 (patch) | |
tree | fca9753e8cad77ee192b6477edcf3222e4c62c98 /tests | |
parent | 800fae0133f2e7321c0df3c9633138bcd8ac15b7 (diff) | |
download | nextcloud-server-18c013d8fc0d95249136799c5c0e67994766d953.tar.gz nextcloud-server-18c013d8fc0d95249136799c5c0e67994766d953.zip |
Add CSP policy merge priority for booleans
When two booleans conflict when merging CSP policies, true will win.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php index e5cf9ea9e1f..082ef46330d 100644 --- a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php +++ b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php @@ -87,6 +87,7 @@ class ContentSecurityPolicyManagerTest extends TestCase { $policy->addAllowedFontDomain('mydomain.com'); $policy->addAllowedImageDomain('anotherdomain.de'); $policy->useStrictDynamic(true); + $policy->allowEvalScript(true); $e->addPolicy($policy); }); @@ -96,7 +97,7 @@ class ContentSecurityPolicyManagerTest extends TestCase { $policy->addAllowedFontDomain('example.com'); $policy->addAllowedImageDomain('example.org'); $policy->allowInlineScript(true); - $policy->allowEvalScript(true); + $policy->allowEvalScript(false); $e->addPolicy($policy); }); |