diff options
Diffstat (limited to 'lib/public/AppFramework/Http/ContentSecurityPolicy.php')
| -rw-r--r-- | lib/public/AppFramework/Http/ContentSecurityPolicy.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php index 9438c6ead61..c705955bb8a 100644 --- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php @@ -27,16 +27,19 @@ namespace OCP\AppFramework\Http; /** * Class ContentSecurityPolicy is a simple helper which allows applications to - * modify the Content-Security-Policy sent by ownCloud. Per default only JavaScript, + * modify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript, * stylesheets, images, fonts, media and connections from the same domain * ('self') are allowed. * * Even if a value gets modified above defaults will still get appended. Please - * notice that ownCloud ships already with sensible defaults and those policies + * notice that Nextcloud ships already with sensible defaults and those policies * should require no modification at all for most use-cases. * + * This class allows unsafe-eval of javascript and unsafe-inline of CSS. + * * @package OCP\AppFramework\Http * @since 8.1.0 + * @deprecated 14.0.0 Use one of our stricter CSP policies */ class ContentSecurityPolicy extends EmptyContentSecurityPolicy { /** @var bool Whether inline JS snippets are allowed */ |