IContentSecurityPolicyManager.php 2.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. * @author Roeland Jago Douma <roeland@famdouma.nl>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OCP\Security;
  26. use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
  27. /**
  28. * Used for Content Security Policy manipulations
  29. *
  30. * @since 9.0.0
  31. * @deprecated 17.0.0 listen to the AddContentSecurityPolicyEvent to add a policy
  32. */
  33. interface IContentSecurityPolicyManager {
  34. /**
  35. * Allows to inject something into the default content policy. This is for
  36. * example useful when you're injecting Javascript code into a view belonging
  37. * to another controller and cannot modify its Content-Security-Policy itself.
  38. * Note that the adjustment is only applied to applications that use AppFramework
  39. * controllers.
  40. *
  41. * To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,
  42. * $policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.
  43. *
  44. * WARNING: Using this API incorrectly may make the instance more insecure.
  45. * Do think twice before adding whitelisting resources. Please do also note
  46. * that it is not possible to use the `disallowXYZ` functions.
  47. *
  48. * @param EmptyContentSecurityPolicy $policy
  49. * @since 9.0.0
  50. * @deprecated 17.0.0 listen to the AddContentSecurityPolicyEvent to add a policy
  51. */
  52. public function addDefaultPolicy(EmptyContentSecurityPolicy $policy);
  53. }