mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00

Go to file

Lukas Reschke 809ff5ac95 Add public API to give developers the possibility to adjust the global CSP defaults

Allows to inject something into the default content policy. This is for
example useful when you're injecting Javascript code into a view belonging
to another controller and cannot modify its Content-Security-Policy itself.
Note that the adjustment is only applied to applications that use AppFramework
controllers.

To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,
$policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.

To test this add something like the following into an `app.php` of any enabled app:
```
$manager = \OC::$server->getContentSecurityPolicyManager();
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('asdf');
$policy->addAllowedScriptDomain('yolo.com');

$policy->allowInlineScript(false);
$manager->addDefaultPolicy($policy);
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFontDomain('yolo.com');
$manager->addDefaultPolicy($policy);

$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('banana.com');
$manager->addDefaultPolicy($policy);
```

If you now open the files app the policy should be:

```
Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self'
```

2016-01-28 18:36:46 +01:00

.idea

…

3rdparty @ 177daad35d

[3rdparty] Bump symfony/process to 2.8.1

2016-01-19 09:36:17 +01:00

apps

Fix OCS unit tests after two share merges

2016-01-28 13:17:16 +01:00

build

Add intergration test for shared_with me and group shares

2016-01-21 15:56:44 +01:00

config

Allow custom implementation of system tag managers

2016-01-20 16:36:10 +01:00

core

Fix share default expiration date calculation

2016-01-28 15:25:34 +01:00

l10n

Merge pull request #19398 from owncloud/fix-tranifex

2015-09-28 10:49:06 +02:00

lib

Add public API to give developers the possibility to adjust the global CSP defaults

2016-01-28 18:36:46 +01:00

ocs

Move findLanguage() and setLanguageFromRequest() to factory

2016-01-26 14:02:31 +01:00

ocs-provider

Reference v2 in the provider list

2015-10-13 16:45:16 +02:00

resources

Sync certificates with upstream

2016-01-22 22:10:17 +01:00

settings

Merge pull request #21741 from owncloud/l10n-improvements

2016-01-27 09:37:00 +01:00

tests

Add public API to give developers the possibility to adjust the global CSP defaults

2016-01-28 18:36:46 +01:00

themes

update example theme favicon

2015-11-03 14:24:20 +01:00

.bowerrc

…

.gitignore

Added system tags GUI in sidebar

2016-01-19 16:24:26 +01:00

.gitmodules

…

.htaccess

Add X-Download-Options and X-Permitted-Cross-Domain-Policies

2016-01-12 10:37:16 +01:00

.jshintrc

…

.mailmap

Correct mailmap for Robin McCorkell to robin@mccorkell.me.uk

2015-12-24 11:51:37 +00:00

.mention-bot

Merge pull request #21970 from zander/mentionbot

2016-01-28 11:20:25 +01:00

.scrutinizer.yml

Revert "Specify PHP 5.4 as version for scrutinizer"

2015-10-29 14:30:14 +01:00

.tag

…

.travis.yml

Adding integration tests for CalDAV

2015-12-21 16:04:27 +01:00

.user.ini

Also set output_buffering in .user.ini to 0

2015-09-29 17:49:37 +02:00

AUTHORS

Happy new year!

2016-01-12 15:02:18 +01:00

autotest-external.sh

script shall exit with error in case the start file has issues - fixes #20798

2015-12-09 12:09:45 +01:00

autotest-hhvm.sh

…

autotest-js.sh

Use a universal shebang

2015-09-27 13:03:31 +02:00

autotest.cmd

…

autotest.sh

Make autotest.sh able to output proper coverage again

2015-12-01 12:03:27 +01:00

bower.json

Add davidchambers/base64 JS library

2015-12-14 17:48:30 +01:00

buildjsdocs.sh

Added OC.Files.Client Webdav-based files client

2015-11-22 16:05:49 +01:00

console.php

Happy new year!

2016-01-12 15:02:18 +01:00

CONTRIBUTING.md

Replace list of apps with a link

2015-12-16 13:58:18 +01:00

COPYING-AGPL

…

COPYING-README

…

cron.php

Happy new year!

2016-01-12 15:02:18 +01:00

db_structure.xml

Merge pull request #18531 from owncloud/ext-user-credentials

2016-01-22 13:14:14 +01:00

index.html

…

index.php

Happy new year!

2016-01-12 15:02:18 +01:00

issue_template.md

Add question about code signing status

2016-01-15 18:25:38 +01:00

occ

…

public.php

Happy new year!

2016-01-12 15:02:18 +01:00

README.md

Update README.md

2015-12-20 10:33:14 +01:00

remote.php

Move findLanguage() and setLanguageFromRequest() to factory

2016-01-26 14:02:31 +01:00

robots.txt

…

status.php

Happy new year!

2016-01-12 15:02:18 +01:00

version.php

Increase version due to new tables

2016-01-22 11:04:04 +01:00

README.md

ownCloud Core

ownCloud gives you freedom and control over your own data. A personal cloud which runs on your own server.

Why is this so awesome?

📁 Access your Data You can store your files, contacts, calendars and more on a server of your choosing.
📦 Sync your Data You keep your files, contacts, calendars and more synchronized amongst your devices.
🔄 Share your Data You share your data with others, and give them access to your latest photo galleries, your calendar or anything else you want them to see.
🚀 Expandable with dozens of Apps ...like Calendar, Contacts, Mail or News.
☁️ All Benefits of the Cloud ...on your own Server.
🔒 Encryption You can encrypt data in transit with secure https connections. You can enable the encryption app to encrypt data on storage for improved security and privacy.
...