Merge pull request #1917 from nextcloud/ocjs_inline

Inline oc.js when possible!

15 files changed, 426 insertions, 32 deletions

diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php
new file mode 100644
index 00000000000..b1c2208377e
--- /dev/null
+++ b/core/Controller/OCJSController.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Core\Controller;
+
+use bantu\IniGetWrapper\IniGetWrapper;
+use OC\Template\JSConfigHelper;
+use OCP\App\IAppManager;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\DataDisplayResponse;
+use OCP\IConfig;
+use OCP\IGroupManager;
+use OCP\IL10N;
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\IUserSession;
+
+class OCJSController extends Controller {
+
+	/** @var JSConfigHelper */
+	private $helper;
+
+	/**
+	 * OCJSController constructor.
+	 *
+	 * @param string $appName
+	 * @param IRequest $request
+	 * @param IL10N $l
+	 * @param \OC_Defaults $defaults
+	 * @param IAppManager $appManager
+	 * @param IUserSession $session
+	 * @param IConfig $config
+	 * @param IGroupManager $groupManager
+	 * @param IniGetWrapper $iniWrapper
+	 * @param IURLGenerator $urlGenerator
+	 */
+	public function __construct($appName,
+								IRequest $request,
+								IL10N $l,
+								\OC_Defaults $defaults,
+								IAppManager $appManager,
+								IUserSession $session,
+								IConfig $config,
+								IGroupManager $groupManager,
+								IniGetWrapper $iniWrapper,
+								IURLGenerator $urlGenerator) {
+		parent::__construct($appName, $request);
+
+		$this->helper = new JSConfigHelper(
+			$l,
+			$defaults,
+			$appManager,
+			$session->getUser(),
+			$config,
+			$groupManager,
+			$iniWrapper,
+			$urlGenerator
+		);
+	}
+
+	/**
+	 * @NoCSRFRequired
+	 * @PublicPage
+	 *
+	 * @return DataDisplayResponse
+	 */
+	public function getConfig() {
+		$data = $this->helper->getConfig();
+
+		return new DataDisplayResponse($data, Http::STATUS_OK, ['Content-type' => 'text/javascript']);
+	}
+}
diff --git a/core/routes.php b/core/routes.php
index 3ca83815ad4..7978001af7d 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -51,6 +51,7 @@ $application->registerRoutes($this, [
 		['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
 		['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
 		['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
+		['name' => 'OCJS#getConfig', 'url' => '/core/js/oc.js', 'verb' => 'GET'],
 	],
 	'ocs' => [
 		['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'],
@@ -66,9 +67,6 @@ $application->registerRoutes($this, [
 // Search
 $this->create('search_ajax_search', '/core/search')
 	->actionInclude('core/search/ajax/search.php');
-// oC JS config
-$this->create('js_config', '/core/js/oc.js')
-	->actionInclude('core/js/config.php');
 // Routing
 $this->create('core_ajax_preview', '/core/preview')
 	->actionInclude('core/ajax/preview.php');
diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php
index 3f13523afcb..d6d70f31362 100644
--- a/core/templates/layout.base.php
+++ b/core/templates/layout.base.php
@@ -18,6 +18,11 @@
 		<?php foreach($_['printcssfiles'] as $cssfile): ?>
 			<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
 		<?php endforeach; ?>
+		<?php if (isset($_['inline_ocjs'])): ?>
+			<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
+				<?php print_unescaped($_['inline_ocjs']); ?>
+			</script>
+		<?php endif; ?>
 		<?php foreach ($_['jsfiles'] as $jsfile): ?>
 			<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script>
 		<?php endforeach; ?>
diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php
index 6d46ac6cf2c..1692e4268d4 100644
--- a/core/templates/layout.guest.php
+++ b/core/templates/layout.guest.php
@@ -19,6 +19,11 @@
 		<?php foreach($_['printcssfiles'] as $cssfile): ?>
 			<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
 		<?php endforeach; ?>
+		<?php if (isset($_['inline_ocjs'])): ?>
+			<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
+				<?php print_unescaped($_['inline_ocjs']); ?>
+			</script>
+		<?php endif; ?>
 		<?php foreach($_['jsfiles'] as $jsfile): ?>
 			<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script>
 		<?php endforeach; ?>
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index d258e3582d0..bc8edf085d0 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -26,6 +26,11 @@
 		<?php foreach($_['printcssfiles'] as $cssfile): ?>
 			<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
 		<?php endforeach; ?>
+		<?php if (isset($_['inline_ocjs'])): ?>
+			<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
+				<?php print_unescaped($_['inline_ocjs']); ?>
+			</script>
+		<?php endif; ?>
 		<?php foreach($_['jsfiles'] as $jsfile): ?>
 			<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" src="<?php print_unescaped($jsfile); ?>"></script>
 		<?php endforeach; ?>
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 0d2a782a867..1332a570a27 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -402,6 +402,7 @@ return array(
     'OC\\Core\\Controller\\AvatarController' => $baseDir . '/core/Controller/AvatarController.php',
     'OC\\Core\\Controller\\LoginController' => $baseDir . '/core/Controller/LoginController.php',
     'OC\\Core\\Controller\\LostController' => $baseDir . '/core/Controller/LostController.php',
+    'OC\\Core\\Controller\\OCJSController' => $baseDir . '/core/Controller/OCJSController.php',
     'OC\\Core\\Controller\\OCSController' => $baseDir . '/core/Controller/OCSController.php',
     'OC\\Core\\Controller\\SetupController' => $baseDir . '/core/Controller/SetupController.php',
     'OC\\Core\\Controller\\TwoFactorChallengeController' => $baseDir . '/core/Controller/TwoFactorChallengeController.php',
@@ -752,6 +753,7 @@ return array(
     'OC\\TemplateLayout' => $baseDir . '/lib/private/TemplateLayout.php',
     'OC\\Template\\Base' => $baseDir . '/lib/private/Template/Base.php',
     'OC\\Template\\CSSResourceLocator' => $baseDir . '/lib/private/Template/CSSResourceLocator.php',
+    'OC\\Template\\JSConfigHelper' => $baseDir . '/lib/private/Template/JSConfigHelper.php',
     'OC\\Template\\JSResourceLocator' => $baseDir . '/lib/private/Template/JSResourceLocator.php',
     'OC\\Template\\ResourceLocator' => $baseDir . '/lib/private/Template/ResourceLocator.php',
     'OC\\Template\\ResourceNotFoundException' => $baseDir . '/lib/private/Template/ResourceNotFoundException.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 43e3fc3de34..c9bdc5305fe 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -432,6 +432,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OC\\Core\\Controller\\AvatarController' => __DIR__ . '/../../..' . '/core/Controller/AvatarController.php',
         'OC\\Core\\Controller\\LoginController' => __DIR__ . '/../../..' . '/core/Controller/LoginController.php',
         'OC\\Core\\Controller\\LostController' => __DIR__ . '/../../..' . '/core/Controller/LostController.php',
+        'OC\\Core\\Controller\\OCJSController' => __DIR__ . '/../../..' . '/core/Controller/OCJSController.php',
         'OC\\Core\\Controller\\OCSController' => __DIR__ . '/../../..' . '/core/Controller/OCSController.php',
         'OC\\Core\\Controller\\SetupController' => __DIR__ . '/../../..' . '/core/Controller/SetupController.php',
         'OC\\Core\\Controller\\TwoFactorChallengeController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorChallengeController.php',
@@ -782,6 +783,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OC\\TemplateLayout' => __DIR__ . '/../../..' . '/lib/private/TemplateLayout.php',
         'OC\\Template\\Base' => __DIR__ . '/../../..' . '/lib/private/Template/Base.php',
         'OC\\Template\\CSSResourceLocator' => __DIR__ . '/../../..' . '/lib/private/Template/CSSResourceLocator.php',
+        'OC\\Template\\JSConfigHelper' => __DIR__ . '/../../..' . '/lib/private/Template/JSConfigHelper.php',
         'OC\\Template\\JSResourceLocator' => __DIR__ . '/../../..' . '/lib/private/Template/JSResourceLocator.php',
         'OC\\Template\\ResourceLocator' => __DIR__ . '/../../..' . '/lib/private/Template/ResourceLocator.php',
         'OC\\Template\\ResourceNotFoundException' => __DIR__ . '/../../..' . '/lib/private/Template/ResourceNotFoundException.php',
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index 97faa0edf49..8fe9b4dca03 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -380,7 +380,8 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 				$app->isLoggedIn(),
 				$app->isAdminUser(),
 				$app->getServer()->getContentSecurityPolicyManager(),
-				$app->getServer()->getCsrfTokenManager()
+				$app->getServer()->getCsrfTokenManager(),
+				$app->getServer()->getContentSecurityPolicyNonceManager()
 			);
 		});
 
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index 6c33c0023ea..183e55740ea 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -36,6 +36,7 @@ use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException;
 use OC\AppFramework\Middleware\Security\Exceptions\StrictCookieMissingException;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Security\CSP\ContentSecurityPolicyManager;
+use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OC\Security\CSRF\CsrfTokenManager;
 use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
@@ -80,6 +81,8 @@ class SecurityMiddleware extends Middleware {
 	private $contentSecurityPolicyManager;
 	/** @var CsrfTokenManager */
 	private $csrfTokenManager;
+	/** @var ContentSecurityPolicyNonceManager */
+	private $cspNonceManager;
 
 	/**
 	 * @param IRequest $request
@@ -92,6 +95,7 @@ class SecurityMiddleware extends Middleware {
 	 * @param bool $isAdminUser
 	 * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
 	 * @param CSRFTokenManager $csrfTokenManager
+	 * @param ContentSecurityPolicyNonceManager $cspNonceManager
 	 */
 	public function __construct(IRequest $request,
 								ControllerMethodReflector $reflector,
@@ -102,7 +106,8 @@ class SecurityMiddleware extends Middleware {
 								$isLoggedIn,
 								$isAdminUser,
 								ContentSecurityPolicyManager $contentSecurityPolicyManager,
-								CsrfTokenManager $csrfTokenManager) {
+								CsrfTokenManager $csrfTokenManager,
+								ContentSecurityPolicyNonceManager $cspNonceManager) {
 		$this->navigationManager = $navigationManager;
 		$this->request = $request;
 		$this->reflector = $reflector;
@@ -113,6 +118,7 @@ class SecurityMiddleware extends Middleware {
 		$this->isAdminUser = $isAdminUser;
 		$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
 		$this->csrfTokenManager = $csrfTokenManager;
+		$this->cspNonceManager = $cspNonceManager;
 	}
 
 
@@ -177,23 +183,6 @@ class SecurityMiddleware extends Middleware {
 
 	}
 
-	private function browserSupportsCspV3() {
-		$browserWhitelist = [
-			// Chrome 40+
-			'/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Chrome\/[4-9][0-9].[0-9.]+ (Mobile Safari|Safari)\/[0-9.]+$/',
-			// Firefox 45+
-			'/^Mozilla\/5\.0 \([^)]+\) Gecko\/[0-9.]+ Firefox\/(4[5-9]|[5-9][0-9])\.[0-9.]+$/',
-			// Safari 10+
-			'/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Version\/1[0-9.]+ Safari\/[0-9.A-Z]+$/',
-		];
-
-		if($this->request->isUserAgent($browserWhitelist)) {
-			return true;
-		}
-
-		return false;
-	}
-
 	/**
 	 * Performs the default CSP modifications that may be injected by other
 	 * applications
@@ -213,7 +202,7 @@ class SecurityMiddleware extends Middleware {
 		$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
 		$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
 
-		if($this->browserSupportsCspV3()) {
+		if($this->cspNonceManager->browserSupportsCspV3()) {
 			$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
 		}
 
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 0482ea49e5c..e6a39b12a42 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -22,6 +22,7 @@
 namespace OC\Security\CSP;
 
 use OC\Security\CSRF\CsrfTokenManager;
+use OCP\IRequest;
 
 /**
  * @package OC\Security\CSP
@@ -29,14 +30,19 @@ use OC\Security\CSRF\CsrfTokenManager;
 class ContentSecurityPolicyNonceManager {
 	/** @var CsrfTokenManager */
 	private $csrfTokenManager;
+	/** @var IRequest */
+	private $request;
 	/** @var string */
 	private $nonce = '';
 
 	/**
 	 * @param CsrfTokenManager $csrfTokenManager
+	 * @param IRequest $request
 	 */
-	public function __construct(CsrfTokenManager $csrfTokenManager) {
+	public function __construct(CsrfTokenManager $csrfTokenManager,
+								IRequest $request) {
 		$this->csrfTokenManager = $csrfTokenManager;
+		$this->request = $request;
 	}
 
 	/**
@@ -51,4 +57,26 @@ class ContentSecurityPolicyNonceManager {
 
 		return $this->nonce;
 	}
+
+	/**
+	 * Check if the browser supports CSP v3
+	 *
+	 * @return bool
+	 */
+	public function browserSupportsCspV3() {
+		$browserWhitelist = [
+			// Chrome 40+
+			'/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Chrome\/[4-9][0-9].[0-9.]+ (Mobile Safari|Safari)\/[0-9.]+$/',
+			// Firefox 45+
+			'/^Mozilla\/5\.0 \([^)]+\) Gecko\/[0-9.]+ Firefox\/(4[5-9]|[5-9][0-9])\.[0-9.]+$/',
+			// Safari 10+
+			'/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Version\/1[0-9.]+ Safari\/[0-9.A-Z]+$/',
+		];
+
+		if($this->request->isUserAgent($browserWhitelist)) {
+			return true;
+		}
+
+		return false;
+	}
 }
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 1ccc27802d2..21ec311401d 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -711,7 +711,8 @@ class Server extends ServerContainer implements IServerContainer {
 		});
 		$this->registerService('ContentSecurityPolicyNonceManager', function(Server $c) {
 			return new ContentSecurityPolicyNonceManager(
-				$c->getCsrfTokenManager()
+				$c->getCsrfTokenManager(),
+				$c->getRequest()
 			);
 		});
 		$this->registerService('ShareManager', function(Server $c) {
diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php
new file mode 100644
index 00000000000..a7f8c251cee
--- /dev/null
+++ b/lib/private/Template/JSConfigHelper.php
@@ -0,0 +1,243 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Template;
+
+use bantu\IniGetWrapper\IniGetWrapper;
+use OCP\App\IAppManager;
+use OCP\IConfig;
+use OCP\IGroupManager;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+use OCP\IUser;
+
+class JSConfigHelper {
+
+	/** @var IL10N */
+	private $l;
+
+	/** @var \OC_Defaults */
+	private $defaults;
+
+	/** @var IAppManager */
+	private $appManager;
+
+	/** @var IUser */
+	private $currentUser;
+
+	/** @var IConfig */
+	private $config;
+
+	/** @var IGroupManager */
+	private $groupManager;
+
+	/** @var IniGetWrapper */
+	private $iniWrapper;
+
+	/** @var IURLGenerator */
+	private $urlGenerator;
+
+	/**
+	 * @param IL10N $l
+	 * @param \OC_Defaults $defaults
+	 * @param IAppManager $appManager
+	 * @param IUser|null $currentUser
+	 * @param IConfig $config
+	 * @param IGroupManager $groupManager
+	 * @param IniGetWrapper $iniWrapper
+	 * @param IURLGenerator $urlGenerator
+	 */
+	public function __construct(IL10N $l,
+								\OC_Defaults $defaults,
+								IAppManager $appManager,
+								$currentUser,
+								IConfig $config,
+								IGroupManager $groupManager,
+								IniGetWrapper $iniWrapper,
+								IURLGenerator $urlGenerator) {
+		$this->l = $l;
+		$this->defaults = $defaults;
+		$this->appManager = $appManager;
+		$this->currentUser = $currentUser;
+		$this->config = $config;
+		$this->groupManager = $groupManager;
+		$this->iniWrapper = $iniWrapper;
+		$this->urlGenerator = $urlGenerator;
+	}
+
+	public function getConfig() {
+
+		if ($this->currentUser !== null) {
+			$uid = $this->currentUser->getUID();
+		} else {
+			$uid = null;
+		}
+
+		// Get the config
+		$apps_paths = [];
+
+		if ($this->currentUser === null) {
+			$apps = $this->appManager->getInstalledApps();
+		} else {
+			$apps = $this->appManager->getEnabledAppsForUser($this->currentUser);
+		}
+
+		foreach($apps as $app) {
+			$apps_paths[$app] = \OC_App::getAppWebPath($app);
+		}
+
+		$defaultExpireDateEnabled = $this->config->getAppValue('core', 'shareapi_default_expire_date', 'no') === 'yes';
+		$defaultExpireDate = $enforceDefaultExpireDate = null;
+		if ($defaultExpireDateEnabled) {
+			$defaultExpireDate = (int) $this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7');
+			$enforceDefaultExpireDate = $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes';
+		}
+		$outgoingServer2serverShareEnabled = $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes';
+
+		$countOfDataLocation = 0;
+		$dataLocation = str_replace(\OC::$SERVERROOT .'/', '', $this->config->getSystemValue('datadirectory', ''), $countOfDataLocation);
+		if($countOfDataLocation !== 1 || !$this->groupManager->isAdmin($uid)) {
+			$dataLocation = false;
+		}
+
+		$array = [
+			"oc_debug" => $this->config->getSystemValue('debug', false) ? 'true' : 'false',
+			"oc_isadmin" => $this->groupManager->isAdmin($uid) ? 'true' : 'false',
+			"oc_dataURL" => is_string($dataLocation) ? "\"".$dataLocation."\"" : 'false',
+			"oc_webroot" => "\"".\OC::$WEBROOT."\"",
+			"oc_appswebroots" =>  str_replace('\\/', '/', json_encode($apps_paths)), // Ugly unescape slashes waiting for better solution
+			"datepickerFormatDate" => json_encode($this->l->l('jsdate', null)),
+			"dayNames" =>  json_encode([
+				(string)$this->l->t('Sunday'),
+				(string)$this->l->t('Monday'),
+				(string)$this->l->t('Tuesday'),
+				(string)$this->l->t('Wednesday'),
+				(string)$this->l->t('Thursday'),
+				(string)$this->l->t('Friday'),
+				(string)$this->l->t('Saturday')
+			]),
+			"dayNamesShort" =>  json_encode([
+				(string)$this->l->t('Sun.'),
+				(string)$this->l->t('Mon.'),
+				(string)$this->l->t('Tue.'),
+				(string)$this->l->t('Wed.'),
+				(string)$this->l->t('Thu.'),
+				(string)$this->l->t('Fri.'),
+				(string)$this->l->t('Sat.')
+			]),
+			"dayNamesMin" =>  json_encode([
+				(string)$this->l->t('Su'),
+				(string)$this->l->t('Mo'),
+				(string)$this->l->t('Tu'),
+				(string)$this->l->t('We'),
+				(string)$this->l->t('Th'),
+				(string)$this->l->t('Fr'),
+				(string)$this->l->t('Sa')
+			]),
+			"monthNames" => json_encode([
+				(string)$this->l->t('January'),
+				(string)$this->l->t('February'),
+				(string)$this->l->t('March'),
+				(string)$this->l->t('April'),
+				(string)$this->l->t('May'),
+				(string)$this->l->t('June'),
+				(string)$this->l->t('July'),
+				(string)$this->l->t('August'),
+				(string)$this->l->t('September'),
+				(string)$this->l->t('October'),
+				(string)$this->l->t('November'),
+				(string)$this->l->t('December')
+			]),
+			"monthNamesShort" => json_encode([
+				(string)$this->l->t('Jan.'),
+				(string)$this->l->t('Feb.'),
+				(string)$this->l->t('Mar.'),
+				(string)$this->l->t('Apr.'),
+				(string)$this->l->t('May.'),
+				(string)$this->l->t('Jun.'),
+				(string)$this->l->t('Jul.'),
+				(string)$this->l->t('Aug.'),
+				(string)$this->l->t('Sep.'),
+				(string)$this->l->t('Oct.'),
+				(string)$this->l->t('Nov.'),
+				(string)$this->l->t('Dec.')
+			]),
+			"firstDay" => json_encode($this->l->l('firstday', null)) ,
+			"oc_config" => json_encode([
+				'session_lifetime'	=> min($this->config->getSystemValue('session_lifetime', $this->iniWrapper->getNumeric('session.gc_maxlifetime')), $this->iniWrapper->getNumeric('session.gc_maxlifetime')),
+				'session_keepalive'	=> $this->config->getSystemValue('session_keepalive', true),
+				'version'			=> implode('.', \OCP\Util::getVersion()),
+				'versionstring'		=> \OC_Util::getVersionString(),
+				'enable_avatars'	=> $this->config->getSystemValue('enable_avatars', true) === true,
+				'lost_password_link'=> $this->config->getSystemValue('lost_password_link', null),
+				'modRewriteWorking'	=> (getenv('front_controller_active') === 'true'),
+			]),
+			"oc_appconfig" => json_encode([
+				'core' => [
+					'defaultExpireDateEnabled' => $defaultExpireDateEnabled,
+					'defaultExpireDate' => $defaultExpireDate,
+					'defaultExpireDateEnforced' => $enforceDefaultExpireDate,
+					'enforcePasswordForPublicLink' => \OCP\Util::isPublicLinkPasswordRequired(),
+					'sharingDisabledForUser' => \OCP\Util::isSharingDisabledForUser(),
+					'resharingAllowed' => \OCP\Share::isResharingAllowed(),
+					'remoteShareAllowed' => $outgoingServer2serverShareEnabled,
+					'federatedCloudShareDoc' => $this->urlGenerator->linkToDocs('user-sharing-federated'),
+					'allowGroupSharing' => \OC::$server->getShareManager()->allowGroupSharing()
+				]
+			]),
+			"oc_defaults" => json_encode([
+				'entity' => $this->defaults->getEntity(),
+				'name' => $this->defaults->getName(),
+				'title' => $this->defaults->getTitle(),
+				'baseUrl' => $this->defaults->getBaseUrl(),
+				'syncClientUrl' => $this->defaults->getSyncClientUrl(),
+				'docBaseUrl' => $this->defaults->getDocBaseUrl(),
+				'docPlaceholderUrl' => $this->defaults->buildDocLinkToKey('PLACEHOLDER'),
+				'slogan' => $this->defaults->getSlogan(),
+				'logoClaim' => $this->defaults->getLogoClaim(),
+				'shortFooter' => $this->defaults->getShortFooter(),
+				'longFooter' => $this->defaults->getLongFooter(),
+				'folder' => \OC_Util::getTheme(),
+			]),
+		];
+
+		if ($this->currentUser !== null) {
+			$array['oc_userconfig'] = json_encode([
+				'avatar' => [
+					'version' => (int)$this->config->getUserValue($uid, 'avatar', 'version', 0),
+				]
+			]);
+		}
+
+		// Allow hooks to modify the output values
+		\OC_Hook::emit('\OCP\Config', 'js', array('array' => &$array));
+
+		$result = '';
+
+		// Echo it
+		foreach ($array as  $setting => $value) {
+			$result .= 'var '. $setting . '='. $value . ';' . PHP_EOL;
+		}
+
+		return $result;
+	}
+}
diff --git a/lib/private/TemplateLayout.php b/lib/private/TemplateLayout.php
index da845d80d04..9f89174e7f9 100644
--- a/lib/private/TemplateLayout.php
+++ b/lib/private/TemplateLayout.php
@@ -43,6 +43,7 @@ use Assetic\Filter\CssMinFilter;
 use Assetic\Filter\CssRewriteFilter;
 use Assetic\Filter\JSqueezeFilter;
 use Assetic\Filter\SeparatorFilter;
+use OC\Template\JSConfigHelper;
 
 class TemplateLayout extends \OC_Template {
 
@@ -142,7 +143,22 @@ class TemplateLayout extends \OC_Template {
 		$jsFiles = self::findJavascriptFiles(\OC_Util::$scripts);
 		$this->assign('jsfiles', array());
 		if ($this->config->getSystemValue('installed', false) && $renderAs != 'error') {
-			$this->append( 'jsfiles', \OC::$server->getURLGenerator()->linkToRoute('js_config', ['v' => self::$versionHash]));
+			if (\OC::$server->getContentSecurityPolicyNonceManager()->browserSupportsCspV3()) {
+				$jsConfigHelper = new JSConfigHelper(
+					\OC::$server->getL10N('core'),
+					\OC::$server->getThemingDefaults(),
+					\OC::$server->getAppManager(),
+					\OC::$server->getUserSession()->getUser(),
+					\OC::$server->getConfig(),
+					\OC::$server->getGroupManager(),
+					\OC::$server->getIniWrapper(),
+					\OC::$server->getURLGenerator()
+				);
+				$this->assign('inline_ocjs', $jsConfigHelper->getConfig());
+				$this->assign('foo', 'bar');
+			} else {
+				$this->append('jsfiles', \OC::$server->getURLGenerator()->linkToRoute('core.OCJS.getConfig', ['v' => self::$versionHash]));
+			}
 		}
 		foreach($jsFiles as $info) {
 			$web = $info[1];
diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
index b597317fca4..1fdcf485c28 100644
--- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
@@ -36,6 +36,7 @@ use OC\AppFramework\Middleware\Security\SecurityMiddleware;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Security\CSP\ContentSecurityPolicy;
 use OC\Security\CSP\ContentSecurityPolicyManager;
+use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OC\Security\CSRF\CsrfToken;
 use OC\Security\CSRF\CsrfTokenManager;
 use OCP\AppFramework\Controller;
@@ -76,6 +77,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 	private $contentSecurityPolicyManager;
 	/** @var CsrfTokenManager|\PHPUnit_Framework_MockObject_MockObject */
 	private $csrfTokenManager;
+	/** @var ContentSecurityPolicyNonceManager|\PHPUnit_Framework_MockObject_MockObject */
+	private $cspNonceManager;
 
 	protected function setUp() {
 		parent::setUp();
@@ -88,6 +91,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 		$this->request = $this->createMock(IRequest::class);
 		$this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class);
 		$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
+		$this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class);
 		$this->middleware = $this->getMiddleware(true, true);
 		$this->secException = new SecurityException('hey', false);
 		$this->secAjaxException = new SecurityException('hey', true);
@@ -109,7 +113,8 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 			$isLoggedIn,
 			$isAdminUser,
 			$this->contentSecurityPolicyManager,
-			$this->csrfTokenManager
+			$this->csrfTokenManager,
+			$this->cspNonceManager
 		);
 	}
 
@@ -559,9 +564,9 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 	}
 
 	public function testAfterController() {
-		$this->request
+		$this->cspNonceManager
 			->expects($this->once())
-			->method('isUserAgent')
+			->method('browserSupportsCspV3')
 			->willReturn(false);
 		$response = $this->createMock(Response::class);
 		$defaultPolicy = new ContentSecurityPolicy();
@@ -603,9 +608,9 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 	}
 
 	public function testAfterControllerWithContentSecurityPolicy3Support() {
-		$this->request
+		$this->cspNonceManager
 			->expects($this->once())
-			->method('isUserAgent')
+			->method('browserSupportsCspV3')
 			->willReturn(true);
 		$token = $this->createMock(CsrfToken::class);
 		$token
diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
index 39d24807d5b..3211a5284f8 100644
--- a/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
+++ b/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
@@ -24,6 +24,7 @@ namespace Test\Security\CSP;
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OC\Security\CSRF\CsrfToken;
 use OC\Security\CSRF\CsrfTokenManager;
+use OCP\IRequest;
 use Test\TestCase;
 
 class ContentSecurityPolicyNonceManagerTest extends TestCase  {
@@ -35,7 +36,8 @@ class ContentSecurityPolicyNonceManagerTest extends TestCase  {
 	public function setUp() {
 		$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
 		$this->nonceManager = new ContentSecurityPolicyNonceManager(
-			$this->csrfTokenManager
+			$this->csrfTokenManager,
+			$this->createMock(IRequest::class)
 		);
 	}