aboutsummaryrefslogtreecommitdiffstats
path: root/tests/lib/Security/CSP
Commit message (Collapse)AuthorAgeFilesLines
* refactor: Add void return type to PHPUnit test methodsChristoph Wurst2024-09-153-6/+6
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* test: Adjust tests for CSP nonceFerdinand Thiessen2024-08-131-9/+14
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: Add SPDX headerAndy Scherzinger2024-05-133-53/+7
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix(CSP): Only add `strict-dynamic` when using noncesFerdinand Thiessen2023-11-171-2/+2
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on ↵Ferdinand Thiessen2023-11-171-2/+2
| | | | | | `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Align doc type with creationJoas Schilling2023-07-271-2/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore(appframework)!: Drop ↵Christoph Wurst2023-06-121-6/+2
| | | | | | \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add CSP policy merge priority for booleansVincent Petry2022-04-011-1/+2
| | | | | | When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Allow to set a strict-dynamic CSP through the APIJulius Härtl2022-03-091-0/+2
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Make Security module strictJ0WI2021-04-193-0/+7
| | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-102-2/+1
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-091-3/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use a blank line after the opening tagChristoph Wurst2020-04-091-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use exactly one empty line after the namespace declarationChristoph Wurst2020-04-091-1/+0
| | | | | | For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remove unused importsChristoph Wurst2020-03-251-2/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Mode to modern phpunitRoeland Jago Douma2019-11-272-2/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make phpunit8 compatibleRoeland Jago Douma2019-11-272-2/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update CSP test cases to handle the new form-actionRoeland Jago Douma2019-07-311-2/+6
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add support for CSP_NONCE server variableSam Bull2019-07-181-2/+21
| | | | | | | Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server. Signed-off-by: Sam Bull <git@sambull.org> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add an event to edit the CSPRoeland Jago Douma2019-07-082-2/+96
| | | | | | | | This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Set default frame-ancestors to 'self'Roeland Jago Douma2019-01-081-1/+1
| | | | | | For #13042 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* CSP: Allow fonts to be provided in dataRoeland Jago Douma2019-01-071-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Disallow unsafe-eval by defaultRoeland Jago Douma2018-10-141-0/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix risky tests without assertionsJoas Schilling2018-01-251-0/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix unit testsMorris Jobke2017-03-281-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Add base-uri to CSP policyLukas Reschke2017-03-161-1/+1
| | | | | | As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Move browserSupportsCspV3 to CSPNonceManagerRoeland Jago Douma2016-10-251-1/+3
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add ContentSecurityPolicyNonceManagerLukas Reschke2016-10-241-0/+57
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Move tests/ to PSR-4 (#24731)Joas Schilling2016-05-201-0/+69
* Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-04 19:43:51 +0000