|
1
|
|
|
<?php |
|
2
|
|
|
declare(strict_types=1); |
|
3
|
|
|
/** |
|
4
|
|
|
* @copyright 2018, Roeland Jago Douma <[email protected]> |
|
5
|
|
|
* |
|
6
|
|
|
* @author Roeland Jago Douma <[email protected]> |
|
7
|
|
|
* |
|
8
|
|
|
* @license GNU AGPL version 3 or any later version |
|
9
|
|
|
* |
|
10
|
|
|
* This program is free software: you can redistribute it and/or modify |
|
11
|
|
|
* it under the terms of the GNU Affero General Public License as |
|
12
|
|
|
* published by the Free Software Foundation, either version 3 of the |
|
13
|
|
|
* License, or (at your option) any later version. |
|
14
|
|
|
* |
|
15
|
|
|
* This program is distributed in the hope that it will be useful, |
|
16
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
17
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
18
|
|
|
* GNU Affero General Public License for more details. |
|
19
|
|
|
* |
|
20
|
|
|
* You should have received a copy of the GNU Affero General Public License |
|
21
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
22
|
|
|
* |
|
23
|
|
|
*/ |
|
24
|
|
|
|
|
25
|
|
|
namespace OCP\AppFramework\Http; |
|
26
|
|
|
|
|
27
|
|
|
/** |
|
28
|
|
|
* Class StrictInlineContentSecurityPolicy is a simple helper which allows applications to |
|
29
|
|
|
* modify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript, |
|
30
|
|
|
* stylesheets, images, fonts, media and connections from the same domain |
|
31
|
|
|
* ('self') are allowed. |
|
32
|
|
|
* |
|
33
|
|
|
* Even if a value gets modified above defaults will still get appended. Please |
|
34
|
|
|
* notice that Nextcloud ships already with sensible defaults and those policies |
|
35
|
|
|
* should require no modification at all for most use-cases. |
|
36
|
|
|
* |
|
37
|
|
|
* This is a temp helper class from the default ContentSecurityPolicy to allow slow |
|
38
|
|
|
* migration to a stricter CSP. This does not allow unsafe eval. |
|
39
|
|
|
* |
|
40
|
|
|
* @package OCP\AppFramework\Http |
|
41
|
|
|
* @since 14.0.0 |
|
42
|
|
|
*/ |
|
43
|
|
|
class StrictEvalContentSecurityPolicy extends ContentSecurityPolicy { |
|
|
|
|
|
|
44
|
|
|
|
|
45
|
|
|
/** |
|
46
|
|
|
* @since 14.0.0 |
|
47
|
|
|
*/ |
|
48
|
|
|
public function __construct() { |
|
49
|
|
|
$this->inlineStyleAllowed = false; |
|
50
|
|
|
} |
|
51
|
|
|
} |
|
52
|
|
|
|
nextcloud /
server
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead.