diff options
Diffstat (limited to 'lib/public/Security/CSP/AddContentSecurityPolicyEvent.php')
| -rw-r--r-- | lib/public/Security/CSP/AddContentSecurityPolicyEvent.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/public/Security/CSP/AddContentSecurityPolicyEvent.php b/lib/public/Security/CSP/AddContentSecurityPolicyEvent.php index bcb25867075..2806cf72871 100644 --- a/lib/public/Security/CSP/AddContentSecurityPolicyEvent.php +++ b/lib/public/Security/CSP/AddContentSecurityPolicyEvent.php @@ -32,6 +32,16 @@ use OCP\AppFramework\Http\EmptyContentSecurityPolicy; use OCP\EventDispatcher\Event; /** + * Allows to inject something into the default content policy. This is for + * example useful when you're injecting Javascript code into a view belonging + * to another controller and cannot modify its Content-Security-Policy itself. + * Note that the adjustment is only applied to applications that use AppFramework + * controllers. + * + * WARNING: Using this API incorrectly may make the instance more insecure. + * Do think twice before adding whitelisting resources. Please do also note + * that it is not possible to use the `disallowXYZ` functions. + * * @since 17.0.0 */ class AddContentSecurityPolicyEvent extends Event { |