upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-28 01:50:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 31
nextcloud/tests/lib/AppFramework/Http
History
Daniel Calviño Sánchez 41f2d912d2 Allow "wasm-unsafe-eval" in CSP 
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).

Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.

To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2023-08-10 02:38:41 +02:00
..
ContentSecurityPolicyTest.php Allow "wasm-unsafe-eval" in CSP 2023-08-10 02:38:41 +02:00
DataResponseTest.php
DispatcherTest.php
DownloadResponseTest.php
EmptyContentSecurityPolicyTest.php Allow "wasm-unsafe-eval" in CSP 2023-08-10 02:38:41 +02:00
EmptyFeaturePolicyTest.php
FeaturePolicyTest.php
FileDisplayResponseTest.php
HttpTest.php
JSONResponseTest.php
OutputTest.php
PublicTemplateResponseTest.php
RedirectResponseTest.php
RequestIdTest.php
RequestStream.php
RequestTest.php feat(request): Allow to match the client version with the IRequest::USER_AGENT_* regex 2023-07-11 07:35:50 +02:00
ResponseTest.php Add template types to responses 2023-06-30 09:33:29 +02:00
StreamResponseTest.php
TemplateResponseTest.php