server/tests/lib/appframework/http
Lukas Reschke 809ff5ac95 Add public API to give developers the possibility to adjust the global CSP defaults
Allows to inject something into the default content policy. This is for
example useful when you're injecting Javascript code into a view belonging
to another controller and cannot modify its Content-Security-Policy itself.
Note that the adjustment is only applied to applications that use AppFramework
controllers.

To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,
$policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.

To test this add something like the following into an `app.php` of any enabled app:
```
$manager = \OC::$server->getContentSecurityPolicyManager();
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('asdf');
$policy->addAllowedScriptDomain('yolo.com');

$policy->allowInlineScript(false);
$manager->addDefaultPolicy($policy);
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFontDomain('yolo.com');
$manager->addDefaultPolicy($policy);

$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('banana.com');
$manager->addDefaultPolicy($policy);
```

If you now open the files app the policy should be:

```
Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self'
```
2016-01-28 18:36:46 +01:00
..
ContentSecurityPolicyTest.php Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
DataResponseTest.php Add blob: scheme to default CSP policy 2015-09-29 14:27:35 +02:00
DispatcherTest.php Remove dependency on ICrypto + use XOR 2015-10-21 17:33:41 +02:00
DownloadResponseTest.php Make remaining files extend the test base 2014-11-19 14:53:59 +01:00
EmptyContentSecurityPolicyTest.php Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
HttpTest.php Properly return 304 2015-09-01 11:04:41 +02:00
JSONResponseTest.php Rename data provider to avoid risky test warning 2015-09-09 12:52:54 +02:00
OCSResponseTest.php Remove duplicate and unused code 2015-08-03 21:03:11 +02:00
RedirectResponseTest.php Make remaining files extend the test base 2014-11-19 14:53:59 +01:00
requeststream.php Implement PUT an PATCH support 2013-10-01 20:13:13 +02:00
RequestTest.php Add new CSRF manager for unit testing purposes 2016-01-25 20:03:40 +01:00
ResponseTest.php Add blob: scheme to default CSP policy 2015-09-29 14:27:35 +02:00
StreamResponseTest.php AppFramework StreamResponse 2015-02-27 15:42:33 +01:00
TemplateResponseTest.php Make remaining files extend the test base 2014-11-19 14:53:59 +01:00