From 08a3f3769581dc148c8f86c6fa0997905a6b3a10 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Mon, 5 Jun 2023 11:09:38 +0200
Subject: chore(appframework)!: Drop
 \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---
 .../AppFramework/Http/EmptyContentSecurityPolicy.php  | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

(limited to 'lib')

diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 98a42aeabb5..035b4f01f60 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -37,8 +37,6 @@ namespace OCP\AppFramework\Http;
  * @since 9.0.0
  */
 class EmptyContentSecurityPolicy {
-	/** @var bool Whether inline JS snippets are allowed */
-	protected $inlineScriptAllowed = null;
 	/** @var string Whether JS nonces should be used */
 	protected $useJsNonce = null;
 	/** @var bool Whether strict-dynamic should be used */
@@ -83,18 +81,6 @@ class EmptyContentSecurityPolicy {
 	/** @var array Locations to report violations to */
 	protected $reportTo = null;
 
-	/**
-	 * Whether inline JavaScript snippets are allowed or forbidden
-	 * @param bool $state
-	 * @return $this
-	 * @since 8.1.0
-	 * @deprecated 10.0 CSP tokens are now used
-	 */
-	public function allowInlineScript($state = false) {
-		$this->inlineScriptAllowed = $state;
-		return $this;
-	}
-
 	/**
 	 * @param bool $state
 	 * @return EmptyContentSecurityPolicy
@@ -447,7 +433,7 @@ class EmptyContentSecurityPolicy {
 		$policy .= "base-uri 'none';";
 		$policy .= "manifest-src 'self';";
 
-		if (!empty($this->allowedScriptDomains) || $this->inlineScriptAllowed || $this->evalScriptAllowed) {
+		if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed) {
 			$policy .= 'script-src ';
 			if (is_string($this->useJsNonce)) {
 				if ($this->strictDynamicAllowed) {
@@ -464,9 +450,6 @@ class EmptyContentSecurityPolicy {
 			if (is_array($this->allowedScriptDomains)) {
 				$policy .= implode(' ', $this->allowedScriptDomains);
 			}
-			if ($this->inlineScriptAllowed) {
-				$policy .= ' \'unsafe-inline\'';
-			}
 			if ($this->evalScriptAllowed) {
 				$policy .= ' \'unsafe-eval\'';
 			}
-- 
cgit v1.2.3