
authorThomas Steur <tsteur@users.noreply.github.com>2021-09-02 08:14:54 +0300
committerGitHub <noreply@github.com>2021-09-02 08:14:54 +0300
commitc2791af204f24b1b61ae293af571c1279d0ac3ca (patch)
tree4af2f599d76ae1b4c6e73340ca55b9eb5b52e0a9 /core
parent33db50cccebf44823d2080d296d4ace848153d4f (diff)
Revert "Expose methods to disable CSP or loosen it for embedded iframes (#17910)" (#17952)
This reverts commit 33db50cccebf44823d2080d296d4ace848153d4f.
Diffstat (limited to 'core')
-rw-r--r--core/View/SecurityPolicy.php28
1 files changed, 1 insertions, 27 deletions
diff --git a/core/View/SecurityPolicy.php b/core/View/SecurityPolicy.php
index 3fc042329f..ab403aa48a 100644
--- a/core/View/SecurityPolicy.php
+++ b/core/View/SecurityPolicy.php
@@ -16,13 +16,6 @@ use Piwik\Config;
*/
class SecurityPolicy
{
- /*
- * Commonly used rules
- */
- const RULE_DEFAULT = "'self' 'unsafe-inline' 'unsafe-eval'";
- const RULE_IMG_DEFAULT = "'self' 'unsafe-inline' 'unsafe-eval' data:"
- const RULE_EMBEDDED_FRAME = "'self' 'unsafe-inline' 'unsafe-eval' data: https: http:";
-
/**
* The policies that will generate the CSP header.
* These are keyed by the directive.
@@ -38,8 +31,7 @@ class SecurityPolicy
* Constructor.
*/
public function __construct(Config $config) {
- $this->policies['default-src'] = self::RULE_DEFAULT;
- $this->policies['img-src'] = self::RULE_IMG_DEFAULT;
+ $this->policies['default-src'] = "'self' 'unsafe-inline' 'unsafe-eval'";
$generalConfig = $config->General;
$this->cspEnabled = $generalConfig['csp_enabled'];
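Review bot: The restored assignment `$this->policies['default-src'] = "'self' 'unsafe-inline' 'unsafe-eval'";` carries no explanation, and because `'unsafe-inline'` together with `'unsafe-eval'` removes most of the script-injection protection a CSP provides, the next reader needs to know this is a deliberate baseline rather than an oversight. I would add above it: `// Baseline policy only. 'unsafe-inline'/'unsafe-eval' presumably cover the existing inline scripts and templates; tighten individual directives via overridePolicy()/addPolicy() instead of editing this string.` It is also worth stating in that comment that with no explicit `img-src` entry, `data:` image URLs fall back to `default-src` and are therefore blocked — that appears to be the pre-#17910 behaviour this revert intentionally restores, and documenting it avoids the loosened rule being re-added by accident. The constructor body continues past the end of the hunk.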
@@ -77,14 +69,6 @@ class SecurityPolicy
}
/**
- * Disable CSP
- *
- */
- public function disable() {
- $this->cspEnabled = false;
- }
-
- /**
* Creates the Header String that can be inserted in the Content-Security-Policy header.
*
* @return string
@@ -105,14 +89,4 @@ class SecurityPolicy
return $headerString;
}
-
- /**
- * A less restrictive CSP which will allow embedding other sites with iframes
- * (useful for heatmaps and session recordings)
- *
- */
- public function allowEmbedPage() {
- $this->overridePolicy('default-src', self::RULE_EMBEDDED_FRAME);
- $this->addPolicy('script-src', self::RULE_DEFAULT);
- }
}