nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-02-03 20:41:22 -05:00

Author	SHA1	Message	Date
Roeland Jago Douma	5ac857bcdc	Add an event to edit the CSP This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-08 20:35:15 +02:00
Roeland Jago Douma	ad676c0102	Set default frame-ancestors to 'self' For #13042 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-01-08 15:36:40 +01:00
Roeland Jago Douma	64244e1a4f	CSP: Allow fonts to be provided in data Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-01-07 15:07:06 +01:00
Roeland Jago Douma	5b61ef9213	Disallow unsafe-eval by default Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-14 20:45:34 +02:00
Joas Schilling	bf2be08c9f	Fix risky tests without assertions Signed-off-by: Joas Schilling <coding@schilljs.com>	2018-01-25 11:33:25 +01:00
Morris Jobke	f9bc53146d	Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-03-28 21:00:12 -06:00
Lukas Reschke	adfd1e63f6	Add base-uri to CSP policy As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-03-16 15:16:20 +01:00
Roeland Jago Douma	e351ba56f1	Move browserSupportsCspV3 to CSPNonceManager Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2016-10-25 22:03:10 +02:00
Lukas Reschke	38b3ac8213	Add ContentSecurityPolicyNonceManager Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2016-10-24 16:35:31 +02:00
Joas Schilling	94ad54ec9b	Move tests/ to PSR-4 (#24731 ) * Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader	2016-05-20 15:38:20 +02:00

10 commits