
github.com/nextcloud/spreed.git - Unnamed repository; edit this file 'description' to name the repository.
authorDaniel Calviño Sánchez <danxuliu@gmail.com>2019-04-10 17:38:08 +0300
committerDaniel Calviño Sánchez <danxuliu@gmail.com>2019-04-10 17:38:08 +0300
commitc145540ab1e2337db1d8f1ebcac2e5a93825e9f9 (patch)
treeda45cfb7ab100e29f701ac67a0fc867c80c8480f /lib/Controller
parent56746de758d0adcfe35e2061fc96391adcb48c48 (diff)
Do not allow JavaScript "eval"
Talk no longer uses JavaScript "eval", so the Content Security Policy can now be configured to prevent its use. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Diffstat (limited to 'lib/Controller')
-rw-r--r--lib/Controller/PageController.php2
1 files changed, 0 insertions, 2 deletions
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 2dda1f411..d529de7d4 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -187,7 +187,6 @@ class PageController extends Controller {
$csp = new ContentSecurityPolicy();
$csp->addAllowedConnectDomain('*');
$csp->addAllowedMediaDomain('blob:');
- $csp->allowEvalScript();
$response->setContentSecurityPolicy($csp);
return $response;
}
@@ -234,7 +233,6 @@ class PageController extends Controller {
$csp = new ContentSecurityPolicy();
$csp->addAllowedConnectDomain('*');
$csp->addAllowedMediaDomain('blob:');
- $csp->allowEvalScript(true);
$response->setContentSecurityPolicy($csp);
return $response;
}