|
|
|
@ -47,6 +47,8 @@ class EmptyContentSecurityPolicy {
|
|
|
|
|
* @link https://github.com/owncloud/core/issues/11925
|
|
|
|
|
*/
|
|
|
|
|
protected $evalScriptAllowed = null;
|
|
|
|
|
/** @var bool Whether WebAssembly compilation is allowed */
|
|
|
|
|
protected ?bool $evalWasmAllowed = null;
|
|
|
|
|
/** @var array Domains from which scripts can get loaded */
|
|
|
|
|
protected $allowedScriptDomains = null;
|
|
|
|
|
/**
|
|
|
|
@ -116,6 +118,17 @@ class EmptyContentSecurityPolicy {
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Whether WebAssembly compilation is allowed or forbidden
|
|
|
|
|
* @param bool $state
|
|
|
|
|
* @return $this
|
|
|
|
|
* @since 28.0.0
|
|
|
|
|
*/
|
|
|
|
|
public function allowEvalWasm(bool $state = true) {
|
|
|
|
|
$this->evalWasmAllowed = $state;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Allows to execute JavaScript files from a specific domain. Use * to
|
|
|
|
|
* allow JavaScript from all domains.
|
|
|
|
@ -433,7 +446,7 @@ class EmptyContentSecurityPolicy {
|
|
|
|
|
$policy .= "base-uri 'none';";
|
|
|
|
|
$policy .= "manifest-src 'self';";
|
|
|
|
|
|
|
|
|
|
if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed) {
|
|
|
|
|
if (!empty($this->allowedScriptDomains) || $this->evalScriptAllowed || $this->evalWasmAllowed) {
|
|
|
|
|
$policy .= 'script-src ';
|
|
|
|
|
if (is_string($this->useJsNonce)) {
|
|
|
|
|
if ($this->strictDynamicAllowed) {
|
|
|
|
@ -453,6 +466,9 @@ class EmptyContentSecurityPolicy {
|
|
|
|
|
if ($this->evalScriptAllowed) {
|
|
|
|
|
$policy .= ' \'unsafe-eval\'';
|
|
|
|
|
}
|
|
|
|
|
if ($this->evalWasmAllowed) {
|
|
|
|
|
$policy .= ' \'wasm-unsafe-eval\'';
|
|
|
|
|
}
|
|
|
|
|
$policy .= ';';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|