1
0

ContentSecurityPolicy.php 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  6. * SPDX-License-Identifier: AGPL-3.0-only
  7. */
  8. namespace OC\Security\CSP;
  9. /**
  10. * Class ContentSecurityPolicy extends the public class and adds getter and setters.
  11. * This is necessary since we don't want to expose the setters and getters to the
  12. * public API.
  13. *
  14. * @package OC\Security\CSP
  15. */
  16. class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy {
  17. public function isInlineScriptAllowed(): bool {
  18. return $this->inlineScriptAllowed;
  19. }
  20. public function setInlineScriptAllowed(bool $inlineScriptAllowed): void {
  21. $this->inlineScriptAllowed = $inlineScriptAllowed;
  22. }
  23. public function isEvalScriptAllowed(): bool {
  24. return $this->evalScriptAllowed;
  25. }
  26. /**
  27. * @deprecated 17.0.0 Unsafe eval should not be used anymore.
  28. */
  29. public function setEvalScriptAllowed(bool $evalScriptAllowed): void {
  30. $this->evalScriptAllowed = $evalScriptAllowed;
  31. }
  32. public function isEvalWasmAllowed(): ?bool {
  33. return $this->evalWasmAllowed;
  34. }
  35. public function setEvalWasmAllowed(bool $evalWasmAllowed): void {
  36. $this->evalWasmAllowed = $evalWasmAllowed;
  37. }
  38. public function getAllowedScriptDomains(): array {
  39. return $this->allowedScriptDomains;
  40. }
  41. public function setAllowedScriptDomains(array $allowedScriptDomains): void {
  42. $this->allowedScriptDomains = $allowedScriptDomains;
  43. }
  44. public function isInlineStyleAllowed(): bool {
  45. return $this->inlineStyleAllowed;
  46. }
  47. public function setInlineStyleAllowed(bool $inlineStyleAllowed): void {
  48. $this->inlineStyleAllowed = $inlineStyleAllowed;
  49. }
  50. public function getAllowedStyleDomains(): array {
  51. return $this->allowedStyleDomains;
  52. }
  53. public function setAllowedStyleDomains(array $allowedStyleDomains): void {
  54. $this->allowedStyleDomains = $allowedStyleDomains;
  55. }
  56. public function getAllowedImageDomains(): array {
  57. return $this->allowedImageDomains;
  58. }
  59. public function setAllowedImageDomains(array $allowedImageDomains): void {
  60. $this->allowedImageDomains = $allowedImageDomains;
  61. }
  62. public function getAllowedConnectDomains(): array {
  63. return $this->allowedConnectDomains;
  64. }
  65. public function setAllowedConnectDomains(array $allowedConnectDomains): void {
  66. $this->allowedConnectDomains = $allowedConnectDomains;
  67. }
  68. public function getAllowedMediaDomains(): array {
  69. return $this->allowedMediaDomains;
  70. }
  71. public function setAllowedMediaDomains(array $allowedMediaDomains): void {
  72. $this->allowedMediaDomains = $allowedMediaDomains;
  73. }
  74. public function getAllowedObjectDomains(): array {
  75. return $this->allowedObjectDomains;
  76. }
  77. public function setAllowedObjectDomains(array $allowedObjectDomains): void {
  78. $this->allowedObjectDomains = $allowedObjectDomains;
  79. }
  80. public function getAllowedFrameDomains(): array {
  81. return $this->allowedFrameDomains;
  82. }
  83. public function setAllowedFrameDomains(array $allowedFrameDomains): void {
  84. $this->allowedFrameDomains = $allowedFrameDomains;
  85. }
  86. public function getAllowedFontDomains(): array {
  87. return $this->allowedFontDomains;
  88. }
  89. public function setAllowedFontDomains($allowedFontDomains): void {
  90. $this->allowedFontDomains = $allowedFontDomains;
  91. }
  92. /**
  93. * @deprecated 15.0.0 use FrameDomains and WorkerSrcDomains
  94. */
  95. public function getAllowedChildSrcDomains(): array {
  96. return $this->allowedChildSrcDomains;
  97. }
  98. /**
  99. * @param array $allowedChildSrcDomains
  100. * @deprecated 15.0.0 use FrameDomains and WorkerSrcDomains
  101. */
  102. public function setAllowedChildSrcDomains($allowedChildSrcDomains): void {
  103. $this->allowedChildSrcDomains = $allowedChildSrcDomains;
  104. }
  105. public function getAllowedFrameAncestors(): array {
  106. return $this->allowedFrameAncestors;
  107. }
  108. /**
  109. * @param array $allowedFrameAncestors
  110. */
  111. public function setAllowedFrameAncestors($allowedFrameAncestors): void {
  112. $this->allowedFrameAncestors = $allowedFrameAncestors;
  113. }
  114. public function getAllowedWorkerSrcDomains(): array {
  115. return $this->allowedWorkerSrcDomains;
  116. }
  117. public function setAllowedWorkerSrcDomains(array $allowedWorkerSrcDomains): void {
  118. $this->allowedWorkerSrcDomains = $allowedWorkerSrcDomains;
  119. }
  120. public function getAllowedFormActionDomains(): array {
  121. return $this->allowedFormActionDomains;
  122. }
  123. public function setAllowedFormActionDomains(array $allowedFormActionDomains): void {
  124. $this->allowedFormActionDomains = $allowedFormActionDomains;
  125. }
  126. public function getReportTo(): array {
  127. return $this->reportTo;
  128. }
  129. public function setReportTo(array $reportTo): void {
  130. $this->reportTo = $reportTo;
  131. }
  132. public function isStrictDynamicAllowed(): bool {
  133. return $this->strictDynamicAllowed;
  134. }
  135. public function setStrictDynamicAllowed(bool $strictDynamicAllowed): void {
  136. $this->strictDynamicAllowed = $strictDynamicAllowed;
  137. }
  138. public function isStrictDynamicAllowedOnScripts(): bool {
  139. return $this->strictDynamicAllowedOnScripts;
  140. }
  141. public function setStrictDynamicAllowedOnScripts(bool $strictDynamicAllowedOnScripts): void {
  142. $this->strictDynamicAllowedOnScripts = $strictDynamicAllowedOnScripts;
  143. }
  144. }