sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nextcloud-server/tests/lib/AppFramework/Middleware/Security
History
Ferdinand Thiessen 2916e5df7e
feat: Provide CSP nonce as `<meta>` element 
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 		2024-08-13 10:32:44 +07:00
..
Mock feat(AppFramework): Add ExAppRequired attribute 2024-07-01 14:41:20 +07:00
BruteForceMiddlewareTest.php chore: Add SPDX header 2024-05-13 17:41:36 +07:00
CORSMiddlewareTest.php feat(Security): Warn about using annotations instead of attributes 2024-07-18 11:25:32 +07:00
CSPMiddlewareTest.php feat: Provide CSP nonce as `<meta>` element 2024-08-13 10:32:44 +07:00
FeaturePolicyMiddlewareTest.php chore: Add SPDX header 2024-05-13 17:41:36 +07:00
PasswordConfirmationMiddlewareTest.php feat(Security): Warn about using annotations instead of attributes 2024-07-18 11:25:32 +07:00
RateLimitingMiddlewareTest.php chore: Add SPDX header 2024-05-13 17:41:36 +07:00
SameSiteCookieMiddlewareTest.php chore: Add SPDX header 2024-05-13 17:41:36 +07:00
SecurityMiddlewareTest.php feat(security): Add public API to allow validating IP Ranges and checking for "in range" 2024-07-19 16:28:03 +07:00