1 files changed, 46 insertions, 0 deletions

diff --git a/lib/public/Security/CSP/AddContentSecurityPolicyEvent.php b/lib/public/Security/CSP/AddContentSecurityPolicyEvent.php
new file mode 100644
index 00000000000..c1cbddd298f
--- /dev/null
+++ b/lib/public/Security/CSP/AddContentSecurityPolicyEvent.php
@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCP\Security\CSP;
+
+use OC\Security\CSP\ContentSecurityPolicyManager;
+use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
+use OCP\EventDispatcher\Event;
+
+/**
+ * Allows to inject something into the default content policy. This is for
+ * example useful when you're injecting Javascript code into a view belonging
+ * to another controller and cannot modify its Content-Security-Policy itself.
+ * Note that the adjustment is only applied to applications that use AppFramework
+ * controllers.
+ *
+ * WARNING: Using this API incorrectly may make the instance more insecure.
+ * Do think twice before adding whitelisting resources. Please do also note
+ * that it is not possible to use the `disallowXYZ` functions.
+ *
+ * @since 17.0.0
+ */
+class AddContentSecurityPolicyEvent extends Event {
+	/** @var ContentSecurityPolicyManager */
+	private $policyManager;
+
+	/**
+	 * @since 17.0.0
+	 */
+	public function __construct(ContentSecurityPolicyManager $policyManager) {
+		parent::__construct();
+		$this->policyManager = $policyManager;
+	}
+
+	/**
+	 * @since 17.0.0
+	 */
+	public function addPolicy(EmptyContentSecurityPolicy $csp): void {
+		$this->policyManager->addDefaultPolicy($csp);
+	}
+}