upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-03 20:41:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 25
nextcloud/lib/private/Security/CSP
History
Ferdinand Thiessen 2916e5df7e
feat: Provide CSP nonce as <meta> element 
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:32:44 +02:00
..
ContentSecurityPolicy.php chore: Add SPDX header 2024-05-24 13:11:22 +02:00
ContentSecurityPolicyManager.php chore: Add SPDX header 2024-05-24 13:11:22 +02:00
ContentSecurityPolicyNonceManager.php feat: Provide CSP nonce as <meta> element 2024-08-13 10:32:44 +02:00