Andy Scherzinger
|
1f7e2ba599
chore: Add SPDX header
|
7 months ago |
Ferdinand Thiessen
|
ecf9f0a872
fix(CSP): Only add `strict-dynamic` when using nonces
|
1 year ago |
Ferdinand Thiessen
|
e231abd9bf
fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem`
|
1 year ago |
Ferdinand Thiessen
|
7df9eb3351
feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only
|
1 year ago |
Daniel Calviño Sánchez
|
41f2d912d2
Allow "wasm-unsafe-eval" in CSP
|
1 year ago |
Christoph Wurst
|
08a3f37695
chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript
|
1 year ago |
Côme Chilliet
|
f5c361cf44
composer run cs:fix
|
1 year ago |
Julius Härtl
|
bd03dd37be
Allow to set a strict-dynamic CSP through the API
|
2 years ago |
Christoph Wurst
|
74936c49ea
Remove unused imports
|
4 years ago |
Roeland Jago Douma
|
3a7cf40aaa
Mode to modern phpunit
|
5 years ago |
Roeland Jago Douma
|
c007ca624f
Make phpunit8 compatible
|
5 years ago |
Roeland Jago Douma
|
68748d4f85
Some php-cs fixes
|
5 years ago |
Roeland Jago Douma
|
cf647451e5
Update CSP test cases to handle the new form-action
|
5 years ago |
Roeland Jago Douma
|
ad676c0102
Set default frame-ancestors to 'self'
|
6 years ago |
Roeland Jago Douma
|
64244e1a4f
CSP: Allow fonts to be provided in data
|
6 years ago |
Roeland Jago Douma
|
5b61ef9213
Disallow unsafe-eval by default
|
6 years ago |
Thomas Citharel
|
ecf347bd1a
Add CSP frame-ancestors support
|
7 years ago |
Morris Jobke
|
f9bc53146d
Fix unit tests
|
7 years ago |
Lukas Reschke
|
adfd1e63f6
Add base-uri to CSP policy
|
7 years ago |
Joas Schilling
|
94ad54ec9b
Move tests/ to PSR-4 (#24731)
|
8 years ago |