feat: Provide CSP nonce as `<meta>` element

This way we use the CSP nonce for dynamically loaded scripts. Important to notice: The CSP nonce must NOT be injected in `content` as this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors). Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
author: Ferdinand Thiessen <opensource@fthiessen.de> 2024-08-01 23:06:55 +0200
committer: Ferdinand Thiessen <opensource@fthiessen.de> 2024-08-13 10:32:44 +0200
commit: 2916e5df7e08fc588e752beaf486d907112a34ee (patch)
tree: 968c83adcd9a70717bda5d1d1a5e06f23a158097 /tests
parent: 009761be58c4485f29a8d3382e51fb4e1bfbeec4 (diff)
download: nextcloud-server-2916e5df7e08fc588e752beaf486d907112a34ee.tar.gz
nextcloud-server-2916e5df7e08fc588e752beaf486d907112a34ee.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php
index 9ce4f3daf79..63981d72b54 100644
--- a/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/CSPMiddlewareTest.php
@@ -12,7 +12,6 @@ use OC\AppFramework\Middleware\Security\CSPMiddleware;
 use OC\Security\CSP\ContentSecurityPolicy;
 use OC\Security\CSP\ContentSecurityPolicyManager;
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
-use OC\Security\CSRF\CsrfToken;
 use OC\Security\CSRF\CsrfTokenManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
author	Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-01 23:06:55 +0200
committer	Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 10:32:44 +0200
commit	2916e5df7e08fc588e752beaf486d907112a34ee (patch)
tree	968c83adcd9a70717bda5d1d1a5e06f23a158097 /tests
parent	009761be58c4485f29a8d3382e51fb4e1bfbeec4 (diff)
download	nextcloud-server-2916e5df7e08fc588e752beaf486d907112a34ee.tar.gz nextcloud-server-2916e5df7e08fc588e752beaf486d907112a34ee.zip