sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nextcloud-server/lib/private/Security/CSP
History
Ferdinand Thiessen 2916e5df7e
feat: Provide CSP nonce as `<meta>` element 
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 		2024-08-13 10:32:44 +07:00
..
ContentSecurityPolicy.php chore: Add SPDX header 2024-05-24 13:11:22 +07:00
ContentSecurityPolicyManager.php chore: Add SPDX header 2024-05-24 13:11:22 +07:00
ContentSecurityPolicyNonceManager.php feat: Provide CSP nonce as `<meta>` element 2024-08-13 10:32:44 +07:00