path: root/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
Commit message | Author | Age | Files | Lines
* feat: Provide CSP nonce as `<meta>` element | Ferdinand Thiessen | 2024-08-13 | 1 | -1/+2
  This way we use the CSP nonce for dynamically loaded scripts. Important to notice: The CSP nonce must NOT be injected in `content` as this can lead to value exfiltration using e.g. side-channel attacks (CSS selectors).
  Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Make sure CSP nonce is not double base64 encoded | Ferdinand Thiessen | 2024-08-13 | 1 | -1/+4
  Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: Add SPDX header | Andy Scherzinger | 2024-05-24 | 1 | -24/+2
  Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blocklist | Ferdinand Thiessen | 2024-03-26 | 1 | -8/+5
  Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Add edge as supported user agent for CSPv3 nonces | Julius Härtl | 2024-03-08 | 1 | -0/+1
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Refactors lib/private/Security. | Faraz Samapoor | 2023-09-27 | 1 | -19/+6
  Mainly using PHP8's constructor property promotion.
  Signed-off-by: Faraz Samapoor <fsa@adlas.at>
* Fix detection of firefox in ContentSecurityPolicyNonceManager | Carl Schwan | 2022-06-29 | 1 | -4/+2
  Reuse Request::USER_AGENT_FIREFOX, and also update the safari detection since safari < 12 is not supported anymore and we can remove a bit of code duplication
  Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Update php licenses | John Molakvoæ (skjnldsv) | 2021-06-04 | 1 | -2/+1
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Update license headers for 19 | Christoph Wurst | 2020-04-29 | 1 | -0/+1
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and function | Christoph Wurst | 2020-04-10 | 1 | -2/+2
  To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code. This also removes any empty lines from method/function bodies at the beginning and end.
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update the license headers for Nextcloud 19 | Christoph Wurst | 2020-03-31 | 1 | -0/+1
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix safari useragent for versions with 3 digits | Pavel Krasikov | 2020-03-14 | 1 | -1/+1
  Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
* Update license headers | Christoph Wurst | 2019-12-05 | 1 | -1/+4
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add support for CSP_NONCE server variable | Sam Bull | 2019-07-18 | 1 | -1/+5
  Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.
  Signed-off-by: Sam Bull <git@sambull.org>
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add nonce for Safari 12+ | Roeland Jago Douma | 2018-10-21 | 1 | -0/+2
  As far as I can tell this should work now.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make OC\Security\CSP strict | Roeland Jago Douma | 2018-03-05 | 1 | -2/+3
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers | Morris Jobke | 2017-11-06 | 1 | -0/+4
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Safari CSPv3 support is sub-par | Lukas Reschke | 2016-12-14 | 1 | -2/+0
  With 10.0.1 CSPv3 is broken in Safari if it doesn't run from a local IP. Awesome. => Let's remove this for Safari and keep chrome and Firefox in the whitelist.
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Identify Chromium as Chrome | Joas Schilling | 2016-10-26 | 1 | -2/+2
  Signed-off-by: Joas Schilling <coding@schilljs.com>
* Missing returns + autoloader file | Lukas Reschke | 2016-10-25 | 1 | -0/+1
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Move browserSupportsCspV3 to CSPNonceManager | Roeland Jago Douma | 2016-10-25 | 1 | -1/+28
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add ContentSecurityPolicyNonceManager | Lukas Reschke | 2016-10-24 | 1 | -0/+54
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>