IContentSecurityPolicyManager¶
-
interface
OCP\Security\
IContentSecurityPolicyManager
¶ - Used for Content Security Policy manipulations
Implemented by: OC\Security\CSP\ContentSecurityPolicyManager
Source: lib/public/Security/IContentSecurityPolicyManager.php#38
Methods¶
-
public
OCP\Security\IContentSecurityPolicyManager::
addDefaultPolicy
($policy)¶ - Allows to inject something into the default content policy. This is forexample useful when you’re injecting Javascript code into a view belongingto another controller and cannot modify its Content-Security-Policy itself.Note that the adjustment is only applied to applications that use AppFrameworkcontrollers.To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,$policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.WARNING: Using this API incorrectly may make the instance more insecure.Do think twice before adding whitelisting resources. Please do also notethat it is not possible to use the `disallowXYZ` functions.
Source: Parameters: Since: 9.0.0
Deprecated: 17.0.0 listen to the AddContentSecurityPolicyEvent to add a policy