wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/lib/public/Security/IContentSecurityPolicyManager.php
Roeland Jago Douma 5ac857bcdc
Add an event to edit the CSP 
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-08 20:35:15 +02:00

53 lines
2 KiB
PHP
Raw Blame History

<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Lukas Reschke <lukas@statuscode.ch>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCP\Security;
use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
/**
* Used for Content Security Policy manipulations
*
* @package OCP\Security
* @since 9.0.0
* @deprecated 17.0.0 listen to the AddContentSecurityPolicyEvent to add a policy
*/
interface IContentSecurityPolicyManager {
/**
* Allows to inject something into the default content policy. This is for
* example useful when you're injecting Javascript code into a view belonging
* to another controller and cannot modify its Content-Security-Policy itself.
* Note that the adjustment is only applied to applications that use AppFramework
* controllers.
*
* To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,
* $policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.
*
* WARNING: Using this API incorrectly may make the instance more insecure.
* Do think twice before adding whitelisting resources. Please do also note
* that it is not possible to use the `disallowXYZ` functions.
*
* @param EmptyContentSecurityPolicy $policy
* @since 9.0.0
* @deprecated 17.0.0 listen to the AddContentSecurityPolicyEvent to add a policy
*/
public function addDefaultPolicy(EmptyContentSecurityPolicy $policy);
}
Reference in a new issue View git blame Copy permalink