StrictContentSecurityPolicy

class OCP\AppFramework\Http\StrictContentSecurityPolicy
Class StrictContentSecurityPolicy is a simple helper which allows applications to
modify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript,
stylesheets, images, fonts, media and connections from the same domain
(‘self’) are allowed.
Even if a value gets modified above defaults will still get appended. Please
notice that Nextcloud ships already with sensible defaults and those policies
should require no modification at all for most use-cases.

This class represents out strictest defaults. They may get change from release
to release if more strict CSP directives become available.
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#45
Parent:OCP\AppFramework\Http\EmptyContentSecurityPolicy

Properties

protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$inlineScriptAllowed
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#47
Type:bool Whether inline JS snippets are allowed
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$evalScriptAllowed
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#49
Type:bool Whether eval in JS scripts is allowed
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedScriptDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#51
Type:array Domains from which scripts can get loaded
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$inlineStyleAllowed
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#55
Type:bool Whether inline CSS is allowed
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedStyleDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#57
Type:array Domains from which CSS can get loaded
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedImageDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#61
Type:array Domains from which images can get loaded
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedConnectDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#67
Type:array Domains to which connections can be done
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedMediaDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#71
Type:array Domains from which media elements can be loaded
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedObjectDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#75
Type:array Domains from which object elements can be loaded
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedFrameDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#77
Type:array Domains from which iframes can be loaded
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedFontDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#79
Type:array Domains from which fonts can be loaded
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedChildSrcDomains
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#83
Type:array Domains from which web-workers and nested browsing content can load elements
protected static property OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedFrameAncestors
Source:lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#86
Type:array Domains which can embed this Nextcloud instance