aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php')
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php30
1 files changed, 29 insertions, 1 deletions
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 0482ea49e5c..e6a39b12a42 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -22,6 +22,7 @@
namespace OC\Security\CSP;
use OC\Security\CSRF\CsrfTokenManager;
+use OCP\IRequest;
/**
* @package OC\Security\CSP
@@ -29,14 +30,19 @@ use OC\Security\CSRF\CsrfTokenManager;
class ContentSecurityPolicyNonceManager {
/** @var CsrfTokenManager */
private $csrfTokenManager;
+ /** @var IRequest */
+ private $request;
/** @var string */
private $nonce = '';
/**
* @param CsrfTokenManager $csrfTokenManager
+ * @param IRequest $request
*/
- public function __construct(CsrfTokenManager $csrfTokenManager) {
+ public function __construct(CsrfTokenManager $csrfTokenManager,
+ IRequest $request) {
$this->csrfTokenManager = $csrfTokenManager;
+ $this->request = $request;
}
/**
@@ -51,4 +57,26 @@ class ContentSecurityPolicyNonceManager {
return $this->nonce;
}
+
+ /**
+ * Check if the browser supports CSP v3
+ *
+ * @return bool
+ */
+ public function browserSupportsCspV3() {
+ $browserWhitelist = [
+ // Chrome 40+
+ '/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Chrome\/[4-9][0-9].[0-9.]+ (Mobile Safari|Safari)\/[0-9.]+$/',
+ // Firefox 45+
+ '/^Mozilla\/5\.0 \([^)]+\) Gecko\/[0-9.]+ Firefox\/(4[5-9]|[5-9][0-9])\.[0-9.]+$/',
+ // Safari 10+
+ '/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Version\/1[0-9.]+ Safari\/[0-9.A-Z]+$/',
+ ];
+
+ if($this->request->isUserAgent($browserWhitelist)) {
+ return true;
+ }
+
+ return false;
+ }
}