diff options
| -rw-r--r-- | core/templates/layout.base.php | 5 | ||||
| -rw-r--r-- | core/templates/layout.guest.php | 5 | ||||
| -rw-r--r-- | core/templates/layout.user.php | 5 | ||||
| -rw-r--r-- | lib/private/TemplateLayout.php | 18 |
4 files changed, 32 insertions, 1 deletions
diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php index 3f13523afcb..d6d70f31362 100644 --- a/core/templates/layout.base.php +++ b/core/templates/layout.base.php @@ -18,6 +18,11 @@ <?php foreach($_['printcssfiles'] as $cssfile): ?> <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print"> <?php endforeach; ?> + <?php if (isset($_['inline_ocjs'])): ?> + <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript"> + <?php print_unescaped($_['inline_ocjs']); ?> + </script> + <?php endif; ?> <?php foreach ($_['jsfiles'] as $jsfile): ?> <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php index 6d46ac6cf2c..1692e4268d4 100644 --- a/core/templates/layout.guest.php +++ b/core/templates/layout.guest.php @@ -19,6 +19,11 @@ <?php foreach($_['printcssfiles'] as $cssfile): ?> <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print"> <?php endforeach; ?> + <?php if (isset($_['inline_ocjs'])): ?> + <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript"> + <?php print_unescaped($_['inline_ocjs']); ?> + </script> + <?php endif; ?> <?php foreach($_['jsfiles'] as $jsfile): ?> <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index d258e3582d0..bc8edf085d0 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -26,6 +26,11 @@ <?php foreach($_['printcssfiles'] as $cssfile): ?> <link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print"> <?php endforeach; ?> + <?php if (isset($_['inline_ocjs'])): ?> + <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript"> + <?php print_unescaped($_['inline_ocjs']); ?> + </script> + <?php endif; ?> <?php foreach($_['jsfiles'] as $jsfile): ?> <script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script> <?php endforeach; ?> diff --git a/lib/private/TemplateLayout.php b/lib/private/TemplateLayout.php index 92d861238c3..9f89174e7f9 100644 --- a/lib/private/TemplateLayout.php +++ b/lib/private/TemplateLayout.php @@ -43,6 +43,7 @@ use Assetic\Filter\CssMinFilter; use Assetic\Filter\CssRewriteFilter; use Assetic\Filter\JSqueezeFilter; use Assetic\Filter\SeparatorFilter; +use OC\Template\JSConfigHelper; class TemplateLayout extends \OC_Template { @@ -142,7 +143,22 @@ class TemplateLayout extends \OC_Template { $jsFiles = self::findJavascriptFiles(\OC_Util::$scripts); $this->assign('jsfiles', array()); if ($this->config->getSystemValue('installed', false) && $renderAs != 'error') { - $this->append( 'jsfiles', \OC::$server->getURLGenerator()->linkToRoute('core.OCJS.getConfig', ['v' => self::$versionHash])); + if (\OC::$server->getContentSecurityPolicyNonceManager()->browserSupportsCspV3()) { + $jsConfigHelper = new JSConfigHelper( + \OC::$server->getL10N('core'), + \OC::$server->getThemingDefaults(), + \OC::$server->getAppManager(), + \OC::$server->getUserSession()->getUser(), + \OC::$server->getConfig(), + \OC::$server->getGroupManager(), + \OC::$server->getIniWrapper(), + \OC::$server->getURLGenerator() + ); + $this->assign('inline_ocjs', $jsConfigHelper->getConfig()); + $this->assign('foo', 'bar'); + } else { + $this->append('jsfiles', \OC::$server->getURLGenerator()->linkToRoute('core.OCJS.getConfig', ['v' => self::$versionHash])); + } } foreach($jsFiles as $info) { $web = $info[1]; |