nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Ferdinand Thiessen	2916e5df7e	feat: Provide CSP nonce as `<meta>` element This way we use the CSP nonce for dynamically loaded scripts. Important to notice: The CSP nonce must NOT be injected in `content` as this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors). Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 10:32:44 +07:00
Grigorii K. Shartsev	885ec73603	chore(core): wrap initial state into hidden container Signed-off-by: Grigorii K. Shartsev <me@shgk.me>	2024-07-30 13:24:38 +07:00

Author

SHA1

Message

Date

Ferdinand Thiessen

2916e5df7e

feat: Provide CSP nonce as `<meta>` element

This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

2024-08-13 10:32:44 +07:00

Grigorii K. Shartsev

885ec73603

chore(core): wrap initial state into hidden container

Signed-off-by: Grigorii K. Shartsev <me@shgk.me>

2024-07-30 13:24:38 +07:00

2 Commits (92795b2091be4d87483605aecb00c2e9f78c660a)