1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- <?php
- declare(strict_types=1);
- namespace OC\Security\CSP;
- use OC\AppFramework\Http\Request;
- use OC\Security\CSRF\CsrfTokenManager;
- use OCP\IRequest;
- class ContentSecurityPolicyNonceManager {
- private string $nonce = '';
- public function __construct(
- private CsrfTokenManager $csrfTokenManager,
- private IRequest $request,
- ) {
- }
-
- public function getNonce(): string {
- if ($this->nonce === '') {
- if (empty($this->request->server['CSP_NONCE'])) {
- $this->nonce = base64_encode($this->csrfTokenManager->getToken()->getEncryptedValue());
- } else {
- $this->nonce = $this->request->server['CSP_NONCE'];
- }
- }
- return $this->nonce;
- }
-
- public function browserSupportsCspV3(): bool {
- $browserWhitelist = [
- Request::USER_AGENT_CHROME,
- Request::USER_AGENT_FIREFOX,
- Request::USER_AGENT_SAFARI,
- ];
- if ($this->request->isUserAgent($browserWhitelist)) {
- return true;
- }
- return false;
- }
- }
|