nextcloud-server-mirror/core/templates/layout.initial-state.php at master

mirror of https://github.com/nextcloud/server.git synced 2026-02-27 18:37:17 +01:00

Files

Ferdinand Thiessen 2916e5df7e feat: Provide CSP nonce as <meta> element

This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

2024-08-13 10:32:44 +02:00

391 B

Raw Permalink Blame History

View Raw

391 B Raw Permalink Blame History

391 B

Raw Permalink Blame History