archive
/
nextcloud
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #44412 from nextcloud/fix/add-csp-nonce-by-default

Browse Source 
fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blacklist
pull/44465/head
Ferdinand Thiessen 2 months ago committed by GitHub
parent 42f4e6ac34 5a513c924f
commit 0cb691d07e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File

13
lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
Unescape Escape View File

@ -65,17 +65,14 @@ class ContentSecurityPolicyNonceManager {
* Check if the browser supports CSP v3
*/
public function browserSupportsCspV3(): bool {
$browserWhitelist = [
Request::USER_AGENT_CHROME,
Request::USER_AGENT_FIREFOX,
Request::USER_AGENT_SAFARI,
Request::USER_AGENT_MS_EDGE,
$browserBlocklist = [
Request::USER_AGENT_IE,
];
if ($this->request->isUserAgent($browserWhitelist)) {
return true;
if ($this->request->isUserAgent($browserBlocklist)) {
return false;
}
return false;
return true;
}
}

Write Preview
Loading…
Cancel
Save