1
0

StrictEvalContentSecurityPolicy.php 1.0 KB

123456789101112131415161718192021222324252627282930313233
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OCP\AppFramework\Http;
  8. /**
  9. * Class StrictEvalContentSecurityPolicy is a simple helper which allows applications to
  10. * modify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript,
  11. * stylesheets, images, fonts, media and connections from the same domain
  12. * ('self') are allowed.
  13. *
  14. * Even if a value gets modified above defaults will still get appended. Please
  15. * note that Nextcloud ships already with sensible defaults and those policies
  16. * should require no modification at all for most use-cases.
  17. *
  18. * This is a temp helper class from the default ContentSecurityPolicy to allow slow
  19. * migration to a stricter CSP. This does not allow unsafe eval.
  20. *
  21. * @since 14.0.0
  22. * @deprecated 17.0.0
  23. */
  24. class StrictEvalContentSecurityPolicy extends ContentSecurityPolicy {
  25. /**
  26. * @since 14.0.0
  27. */
  28. public function __construct() {
  29. $this->evalScriptAllowed = false;
  30. }
  31. }