mirror of https://github.com/nextcloud/server
fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blocklist
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
This commit is contained in:
parent
4121b841de
commit
5a513c924f
|
@ -65,17 +65,14 @@ class ContentSecurityPolicyNonceManager {
|
|||
* Check if the browser supports CSP v3
|
||||
*/
|
||||
public function browserSupportsCspV3(): bool {
|
||||
$browserWhitelist = [
|
||||
Request::USER_AGENT_CHROME,
|
||||
Request::USER_AGENT_FIREFOX,
|
||||
Request::USER_AGENT_SAFARI,
|
||||
Request::USER_AGENT_MS_EDGE,
|
||||
$browserBlocklist = [
|
||||
Request::USER_AGENT_IE,
|
||||
];
|
||||
|
||||
if ($this->request->isUserAgent($browserWhitelist)) {
|
||||
return true;
|
||||
if ($this->request->isUserAgent($browserBlocklist)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue