mirror of
https://github.com/nextcloud/server.git
synced 2026-02-17 09:51:38 -05:00
If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive contains neither `wasm-unsafe-eval` nor `unsafe-eval`, loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread).

Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval`, this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make it possible to allow WebAssembly execution without allowing JavaScript `eval`, this commit adds support for allowing `wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

- Bruteforce
- CSP
- CSRF
- FeaturePolicy
- IdentityProof
- Normalizer
- RateLimiting
- VerificationToken
- Certificate.php
- CertificateManager.php
- CredentialsManager.php
- Crypto.php
- Hasher.php
- RemoteHostValidator.php
- SecureRandom.php
- TrustedDomainHelper.php