sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nextcloud-server/tests/lib/AppFramework/Http
History
Daniel Calviño Sánchez 41f2d912d2 Allow "wasm-unsafe-eval" in CSP 
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).

Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.

To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 		2023-08-10 02:38:41 +07:00
..
ContentSecurityPolicyTest.php Allow "wasm-unsafe-eval" in CSP 2023-08-10 02:38:41 +07:00
DataResponseTest.php Change X-Robots-Tag header from "none" to "noindex, nofollow" 2023-02-15 20:16:51 +07:00
DispatcherTest.php feat(app framework)!: Inject services into controller methods 2023-01-18 14:00:38 +07:00
DownloadResponseTest.php Escape filename in Content-Disposition 2021-06-02 19:22:17 +07:00
EmptyContentSecurityPolicyTest.php Allow "wasm-unsafe-eval" in CSP 2023-08-10 02:38:41 +07:00
EmptyFeaturePolicyTest.php composer run cs:fix 2023-01-20 11:45:08 +07:00
FeaturePolicyTest.php composer run cs:fix 2023-01-20 11:45:08 +07:00
FileDisplayResponseTest.php Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject 2020-08-12 13:55:19 +07:00
HttpTest.php Move the notmodified check to middleware where it belongs 2020-05-13 08:11:24 +07:00
JSONResponseTest.php composer run cs:fix 2023-01-20 11:45:08 +07:00
OutputTest.php
PublicTemplateResponseTest.php Format control structures, classes, methods and function 2020-04-10 14:19:56 +07:00
RedirectResponseTest.php composer run cs:fix 2023-01-20 11:45:08 +07:00
RequestIdTest.php Adjust and add unit tests 2022-02-23 11:01:58 +07:00
RequestStream.php Fix some more problems with tests under PHP 8.2 2022-11-15 16:02:24 +07:00
RequestTest.php feat(request): Allow to match the client version with the IRequest::USER_AGENT_* regex 2023-07-11 07:35:50 +07:00
ResponseTest.php Add template types to responses 2023-06-30 09:33:29 +07:00
StreamResponseTest.php composer run cs:fix 2023-01-20 11:45:08 +07:00
TemplateResponseTest.php composer run cs:fix 2023-01-20 11:45:08 +07:00