sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nextcloud-server/tests/lib/AppFramework
History
Daniel Calviño Sánchez 41f2d912d2 Allow "wasm-unsafe-eval" in CSP 
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).

Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.

To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 		2023-08-10 02:38:41 +07:00
..
Bootstrap feat(app-framework): Add support for global middlewares 2023-01-26 11:54:28 +07:00
Controller Change X-Robots-Tag header from "none" to "noindex, nofollow" 2023-02-15 20:16:51 +07:00
Db
DependencyInjection feat(app-framework): Add support for global middlewares 2023-01-26 11:54:28 +07:00
Http Allow "wasm-unsafe-eval" in CSP 2023-08-10 02:38:41 +07:00
Middleware fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts 2023-07-27 09:57:52 +07:00
OCS Allow stdClass in XML responses 2023-06-13 11:44:47 +07:00
Routing DI for Router 2023-02-13 22:51:14 +07:00
Utility feat(appframework): Make ITimeFactory extend \PSR\Clock\ClockInterface 2023-03-03 15:37:13 +07:00
AppTest.php