Commit c1f323e

Forbid eval on legacy responses
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
1 parent 5d360bd commit c1f323e

1 file changed: +2 -1 lines changed

lib/private/legacy/response.php

Lines changed: 2 additions & 1 deletion
@@ -1,4 +1,5 @@
11
<?php
2+
<?php
23
/**
34
* @copyright Copyright (c) 2016, ownCloud, Inc.
45
*
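Review bot: the line added at new line 2 is unrelated to the change named in the commit message and, as rendered here, repeats the `<?php` opening tag from line 1. A second opening tag while already in PHP mode does not parse, so if that is really the content it should be dropped; if it is meant to be something else (a blank line, for example), it would be cleaner in its own commit so this one carries only the CSP change.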
@@ -84,7 +85,7 @@ public static function addSecurityHeaders() {
8485
* @see \OCP\AppFramework\Http\Response::getHeaders
8586
*/
8687
$policy = 'default-src \'self\'; '
87-
. 'script-src \'self\' \'unsafe-eval\' \'nonce-'.\OC::$server->getContentSecurityPolicyNonceManager()->getNonce().'\'; '
88+
. 'script-src \'self\' \'nonce-'.\OC::$server->getContentSecurityPolicyNonceManager()->getNonce().'\'; '
8889
. 'style-src \'self\' \'unsafe-inline\'; '
8990
. 'frame-src *; '
9091
. 'img-src * data: blob:; '
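
Review bot: there is no test or changelog note covering the changed `script-src` line, which now omits `'unsafe-eval'` for every response that goes through addSecurityHeaders(). Browsers enforcing this policy will block eval(), new Function() and string-argument setTimeout()/setInterval() on those pages, so the commit should say how the legacy pages were checked for such calls, and a test asserting that the emitted header carries the nonce and no `'unsafe-eval'` would keep the directive from being loosened again unnoticed. Separately, the unchanged context still allows `style-src 'unsafe-inline'` and `frame-src *`; that is out of scope for this commit but worth a follow-up.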
