wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/lib/public
History
Lukas Reschke 809ff5ac95 Add public API to give developers the possibility to adjust the global CSP defaults 
Allows to inject something into the default content policy. This is for
example useful when you're injecting Javascript code into a view belonging
to another controller and cannot modify its Content-Security-Policy itself.
Note that the adjustment is only applied to applications that use AppFramework
controllers.

To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,
$policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.

To test this add something like the following into an `app.php` of any enabled app:
```
$manager = \OC::$server->getContentSecurityPolicyManager();
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('asdf');
$policy->addAllowedScriptDomain('yolo.com');

$policy->allowInlineScript(false);
$manager->addDefaultPolicy($policy);
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFontDomain('yolo.com');
$manager->addDefaultPolicy($policy);

$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('banana.com');
$manager->addDefaultPolicy($policy);
```

If you now open the files app the policy should be:

```
Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self'
```
2016-01-28 18:36:46 +01:00
..
activity Fix PHPDoc - @changed is no official tag -> use @since 2016-01-22 08:43:05 +01:00
app Happy new year! 2016-01-12 15:02:18 +01:00
appframework Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
authentication Happy new year! 2016-01-12 15:02:18 +01:00
backgroundjob Happy new year! 2016-01-12 15:02:18 +01:00
capabilities Happy new year! 2016-01-12 15:02:18 +01:00
command Happy new year! 2016-01-12 15:02:18 +01:00
comments Allow custom implementation of system tag managers 2016-01-20 16:36:10 +01:00
contacts Happy new year! 2016-01-12 15:02:18 +01:00
db/querybuilder Fix Oracle comparisons 2016-01-26 14:56:07 +01:00
diagnostics Happy new year! 2016-01-12 15:02:18 +01:00
encryption Happy new year! 2016-01-12 15:02:18 +01:00
files Merge pull request #21858 from owncloud/getMountsForFileId 2016-01-28 11:20:42 +01:00
http/client Happy new year! 2016-01-12 15:02:18 +01:00
l10n Move finding the language files and creating the function out of the object 2016-01-26 14:02:31 +01:00
lock Happy new year! 2016-01-12 15:02:18 +01:00
mail Happy new year! 2016-01-12 15:02:18 +01:00
notification Adjust the since on the interface 2016-01-22 10:51:36 +01:00
preview Happy new year! 2016-01-12 15:02:18 +01:00
route Happy new year! 2016-01-12 15:02:18 +01:00
search Happy new year! 2016-01-12 15:02:18 +01:00
security Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
share [Share 2.0] Remove setId and setProviderId from the interface 2016-01-28 07:54:16 +01:00
systemtag Allow custom implementation of system tag managers 2016-01-20 16:36:10 +01:00
api.php Happy new year! 2016-01-12 15:02:18 +01:00
app.php Happy new year! 2016-01-12 15:02:18 +01:00
autoloadnotallowedexception.php Happy new year! 2016-01-12 15:02:18 +01:00
backgroundjob.php Happy new year! 2016-01-12 15:02:18 +01:00
config.php Happy new year! 2016-01-12 15:02:18 +01:00
constants.php Happy new year! 2016-01-12 15:02:18 +01:00
contacts.php Happy new year! 2016-01-12 15:02:18 +01:00
db.php Happy new year! 2016-01-12 15:02:18 +01:00
defaults.php Happy new year! 2016-01-12 15:02:18 +01:00
files.php Happy new year! 2016-01-12 15:02:18 +01:00
groupinterface.php add TODOs with the actual interface name 2016-01-14 14:34:35 +01:00
iaddressbook.php Happy new year! 2016-01-12 15:02:18 +01:00
iappconfig.php Happy new year! 2016-01-12 15:02:18 +01:00
iavatar.php Adding support of -1 as size to be passed into get and getFile 2016-01-25 16:54:40 +01:00
iavatarmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
icache.php Happy new year! 2016-01-12 15:02:18 +01:00
icachefactory.php Happy new year! 2016-01-12 15:02:18 +01:00
icertificate.php Happy new year! 2016-01-12 15:02:18 +01:00
icertificatemanager.php Merge pull request #21653 from owncloud/update-license-headers-2016 2016-01-13 08:29:42 +01:00
iconfig.php Happy new year! 2016-01-12 15:02:18 +01:00
icontainer.php Happy new year! 2016-01-12 15:02:18 +01:00
idatetimeformatter.php Happy new year! 2016-01-12 15:02:18 +01:00
idatetimezone.php Happy new year! 2016-01-12 15:02:18 +01:00
idb.php Happy new year! 2016-01-12 15:02:18 +01:00
idbconnection.php Introduce IDBConnection::setValues() 2016-01-18 11:10:41 +01:00
ieventsource.php Happy new year! 2016-01-12 15:02:18 +01:00
igroup.php Happy new year! 2016-01-12 15:02:18 +01:00
igroupmanager.php allow apps to add an OCP GroupInterface backend 2016-01-14 13:58:45 +01:00
ihelper.php Happy new year! 2016-01-12 15:02:18 +01:00
iimage.php Happy new year! 2016-01-12 15:02:18 +01:00
il10n.php Happy new year! 2016-01-12 15:02:18 +01:00
ilogger.php Add message key to context of logException 2016-01-15 14:55:30 +01:00
image.php Happy new year! 2016-01-12 15:02:18 +01:00
imemcache.php Happy new year! 2016-01-12 15:02:18 +01:00
imemcachettl.php Happy new year! 2016-01-12 15:02:18 +01:00
inavigationmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
ipreview.php Happy new year! 2016-01-12 15:02:18 +01:00
irequest.php Happy new year! 2016-01-12 15:02:18 +01:00
isearch.php Happy new year! 2016-01-12 15:02:18 +01:00
iservercontainer.php Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
isession.php Happy new year! 2016-01-12 15:02:18 +01:00
itagmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
itags.php Happy new year! 2016-01-12 15:02:18 +01:00
itempmanager.php Happy new year! 2016-01-12 15:02:18 +01:00
iurlgenerator.php Happy new year! 2016-01-12 15:02:18 +01:00
iuser.php Introduce IUser::setEMailAddress and add hook mechanism 2016-01-20 14:57:20 +01:00
iuserbackend.php Happy new year! 2016-01-12 15:02:18 +01:00
iusermanager.php Happy new year! 2016-01-12 15:02:18 +01:00
iusersession.php Happy new year! 2016-01-12 15:02:18 +01:00
json.php Happy new year! 2016-01-12 15:02:18 +01:00
preconditionnotmetexception.php Happy new year! 2016-01-12 15:02:18 +01:00
response.php Happy new year! 2016-01-12 15:02:18 +01:00
sabrepluginevent.php Merge pull request #21653 from owncloud/update-license-headers-2016 2016-01-13 08:29:42 +01:00
sabrepluginexception.php Happy new year! 2016-01-12 15:02:18 +01:00
share.php Happy new year! 2016-01-12 15:02:18 +01:00
share_backend.php Happy new year! 2016-01-12 15:02:18 +01:00
share_backend_collection.php Happy new year! 2016-01-12 15:02:18 +01:00
share_backend_file_dependent.php Happy new year! 2016-01-12 15:02:18 +01:00
template.php Remove OC_Helper::imagePath and use the proper public interface 2016-01-24 18:04:20 +01:00
user.php Happy new year! 2016-01-12 15:02:18 +01:00
userinterface.php add TODOs with the actual interface name 2016-01-14 14:34:35 +01:00
util.php Add new CSRF manager for unit testing purposes 2016-01-25 20:03:40 +01:00