mirror of
https://github.com/nextcloud/server.git
synced 2026-02-03 20:41:22 -05:00
41f2d912d2
If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive does not contain neither `wasm-unsafe-eval` nor `unsafe-eval` loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread). Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval` this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make possible to allow WebAssembly execution without allowing JavaScript `eval` this commit adds support for allowing `wasm-unsafe-eval`. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com> |
||
|---|---|---|
| .. | ||
| ContentSecurityPolicyTest.php | ||
| DataResponseTest.php | ||
| DispatcherTest.php | ||
| DownloadResponseTest.php | ||
| EmptyContentSecurityPolicyTest.php | ||
| EmptyFeaturePolicyTest.php | ||
| FeaturePolicyTest.php | ||
| FileDisplayResponseTest.php | ||
| HttpTest.php | ||
| JSONResponseTest.php | ||
| OutputTest.php | ||
| PublicTemplateResponseTest.php | ||
| RedirectResponseTest.php | ||
| RequestIdTest.php | ||
| RequestStream.php | ||
| RequestTest.php | ||
| ResponseTest.php | ||
| StreamResponseTest.php | ||
| TemplateResponseTest.php | ||