ContentSecurityPolicy

class OCP\AppFramework\Http\ContentSecurityPolicy
Class ContentSecurityPolicy is a simple helper which allows applications to
modify the Content-Security-Policy sent by Nextcloud. By default, only JavaScript,
stylesheets, images, fonts, media and connections from the same domain
(‘self’) are allowed.
Even if a value is modified, the defaults above are still appended. Note
that Nextcloud already ships with sensible defaults, and those policies
should require no modification at all for most use cases.

This class allows unsafe-inline of CSS.
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#43
Parent: OCP\AppFramework\Http\EmptyContentSecurityPolicy
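A controller that widens the default policy for two directives only, as an added example that is not part of the original reference or of Nextcloud's own code. The app namespace, the app id `myapp`, the template `main` and the example.com origins are hypothetical; `addAllowedImageDomain()`, `addAllowedConnectDomain()` and `buildPolicy()` are inherited from the parent class, and `setContentSecurityPolicy()` belongs to the response object, none of which are listed on this page.

```php
<?php
declare(strict_types=1);

namespace OCA\MyApp\Controller; // hypothetical app namespace

use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\ContentSecurityPolicy;
use OCP\AppFramework\Http\TemplateResponse;

class PageController extends Controller {
	/**
	 * Build the policy in one place so a unit test can inspect it.
	 */
	public function buildCsp(): ContentSecurityPolicy {
		// Starts from the defaults described above ('self' for scripts,
		// stylesheets, images, fonts, media and connections).
		$csp = new ContentSecurityPolicy();

		// Widen only the directives this page needs, and only to exact
		// origins (scheme + host). Both origins are placeholders.
		$csp->addAllowedImageDomain('https://img.example.com');
		$csp->addAllowedConnectDomain('https://api.example.com');

		// The script-related settings ($inlineScriptAllowed,
		// $evalScriptAllowed, $allowedScriptDomains) are left unchanged:
		// loosening them is what removes most of the XSS protection
		// a Content-Security-Policy provides.
		return $csp;
	}

	public function index(): TemplateResponse {
		$response = new TemplateResponse('myapp', 'main'); // hypothetical app id and template
		$response->setContentSecurityPolicy($this->buildCsp());
		return $response;
	}

	/**
	 * Returns the policy as the header value string, e.g. for a test
	 * that checks no unexpected origin was added.
	 */
	public function cspHeaderValue(): string {
		return $this->buildCsp()->buildPolicy();
	}
}
```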

Properties

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$inlineScriptAllowed
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#45
Type: bool
Whether inline JS snippets are allowed

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$evalScriptAllowed
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#47
Type: bool
Whether eval in JS scripts is allowed

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedScriptDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#49
Type: array
Domains from which scripts can be loaded

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$inlineStyleAllowed
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#57
Type: bool
Whether inline CSS is allowed. TODO: Disallow by default

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedStyleDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#59
Type: array
Domains from which CSS can be loaded

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedImageDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#63
Type: array
Domains from which images can be loaded

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedConnectDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#69
Type: array
Domains to which connections can be made

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedMediaDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#73
Type: array
Domains from which media elements can be loaded

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedObjectDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#77
Type: array
Domains from which object elements can be loaded

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedFrameDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#79
Type: array
Domains from which iframes can be loaded

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedFontDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#81
Type: array
Domains from which fonts can be loaded

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedChildSrcDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#86
Type: array
Domains from which web-workers and nested browsing content can load elements

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedFrameAncestors
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#89
Type: array
Domains which can embed this Nextcloud instance

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedWorkerSrcDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#94
Type: array
Domains from which web-workers can be loaded

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$allowedFormActionDomains
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#97
Type: array
Domains which can be used as the target of forms

protected static property OCP\AppFramework\Http\ContentSecurityPolicy::$reportTo
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#102
Type: array
Locations to report violations to