mirror of
https://github.com/nextcloud/server.git
synced 2026-03-02 13:31:14 -05:00
41f2d912d2
If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive does not contain neither `wasm-unsafe-eval` nor `unsafe-eval` loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread). Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval` this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make possible to allow WebAssembly execution without allowing JavaScript `eval` this commit adds support for allowing `wasm-unsafe-eval`. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com> |
||
|---|---|---|
| .. | ||
| Bootstrap | ||
| Db | ||
| Http | ||
| OCS | ||
| Services | ||
| Utility | ||
| ApiController.php | ||
| App.php | ||
| AuthPublicShareController.php | ||
| Controller.php | ||
| Http.php | ||
| IAppContainer.php | ||
| Middleware.php | ||
| OCSController.php | ||
| PublicShareController.php | ||
| QueryException.php | ||