StrictContentSecurityPolicy¶
-
class
OCP\AppFramework\Http\
StrictContentSecurityPolicy
¶ - Class StrictContentSecurityPolicy is a simple helper which allows applications tomodify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript,stylesheets, images, fonts, media and connections from the same domain(‘self’) are allowed.Even if a value gets modified above defaults will still get appended. Pleasenotice that Nextcloud ships already with sensible defaults and those policiesshould require no modification at all for most use-cases.This class represents out strictest defaults. They may get change from releaseto release if more strict CSP directives become available.
Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#45 Parent: OCP\AppFramework\Http\EmptyContentSecurityPolicy
Properties¶
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
inlineScriptAllowed
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#47 Type: bool Whether inline JS snippets are allowed
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
evalScriptAllowed
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#49 Type: bool Whether eval in JS scripts is allowed
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedScriptDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#51 Type: array Domains from which scripts can get loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
inlineStyleAllowed
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#55 Type: bool Whether inline CSS is allowed
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedStyleDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#57 Type: array Domains from which CSS can get loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedImageDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#61 Type: array Domains from which images can get loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedConnectDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#67 Type: array Domains to which connections can be done
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedMediaDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#71 Type: array Domains from which media elements can be loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedObjectDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#75 Type: array Domains from which object elements can be loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedFrameDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#77 Type: array Domains from which iframes can be loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedFontDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#79 Type: array Domains from which fonts can be loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedChildSrcDomains
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#83 Type: array Domains from which web-workers and nested browsing content can load elements
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$
allowedFrameAncestors
¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#86 Type: array Domains which can embed this Nextcloud instance