diff options
Diffstat (limited to 'lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php')
| -rw-r--r-- | lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php index 2046c240291..993f74ae0e4 100644 --- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php @@ -33,7 +33,8 @@ class ContentSecurityPolicyNonceManager { // Get the token from the CSRF token, we only use the "shared secret" part // as the first part does not add any security / entropy to the token // so it can be ignored to keep the nonce short while keeping the same randomness - $this->nonce = end(explode(':', ($this->csrfTokenManager->getToken()->getEncryptedValue()))); + $csrfSecret = explode(':', ($this->csrfTokenManager->getToken()->getEncryptedValue())); + $this->nonce = end($csrfSecret); } else { $this->nonce = $this->request->server['CSP_NONCE']; } |