Commit graph

2 commits

Author SHA1 Message Date
Ferdinand Thiessen
2916e5df7e
feat: Provide CSP nonce as <meta> element
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacks (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:32:44 +02:00
Grigorii K. Shartsev
885ec73603 chore(core): wrap initial state into hidden container
Signed-off-by: Grigorii K. Shartsev <me@shgk.me>
2024-07-30 13:24:38 +02:00