wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
49868 commits 157 branches 562 tags 714 MiB
Commit graph

17 commits

Author SHA1 Message Date
Roeland Jago Douma
5ac857bcdc
Add an event to edit the CSP 
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-08 20:35:15 +02:00
Morris Jobke
39338aaa67
Merge pull request #11914 from nextcloud/csp/report-uri 
Add report-uri to CSP
 2018-10-23 16:42:24 +02:00
Roeland Jago Douma
0fdc65a15c
Add nonce for Safari 12+ 
As far as I can tell this should work now.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-21 20:48:12 +02:00
Roeland Jago Douma
579822b6a5
Add report-uri to CSP 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-21 13:38:32 +02:00
Roeland Jago Douma
8354c50911
Deprecate the childSrc functions 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-04 07:35:44 +02:00
Roeland Jago Douma
c8fe4b4fc8
Add workerSrc to CSP 
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-04 07:35:44 +02:00
Roeland Jago Douma
4ed9b74a6b
Make OC\Security\CSP strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-05 15:27:05 +01:00
Morris Jobke
0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Thomas Citharel
ecf347bd1a Add CSP frame-ancestors support 
Didn't set the @since annotation yet.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2017-09-15 15:23:10 +02:00
Lukas Reschke
7d221ff8f4
Safari CSPv3 support is sub-par 
With 10.0.1 CSPv3 is broken in Safari if it doesn't run from a local IP. Awesome.

=> Let's remove this for Safari and keep chrome and Firefox in the whitelist.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-12-14 13:17:20 +01:00
Joas Schilling
c20ab0049f
Identify Chromium as Chrome 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-26 12:07:10 +02:00
Lukas Reschke
015affb082
Missing returns + autoloader file 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 22:13:09 +02:00
Roeland Jago Douma
e351ba56f1
Move browserSupportsCspV3 to CSPNonceManager 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:10 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-24 16:35:31 +02:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Roeland Jago Douma
9050e76d95
Move \OC\Security to PSR-4 2016-04-14 19:21:18 +02:00