ContentSecurityPolicy¶
-
class
OCP\AppFramework\Http\
ContentSecurityPolicy
¶ - Class ContentSecurityPolicy is a simple helper which allows applications tomodify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript,stylesheets, images, fonts, media and connections from the same domain(‘self’) are allowed.Even if a value gets modified above defaults will still get appended. Pleasenotice that Nextcloud ships already with sensible defaults and those policiesshould require no modification at all for most use-cases.This class allows unsafe-inline of CSS.
Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#43 Parent: OCP\AppFramework\Http\EmptyContentSecurityPolicy
Properties¶
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
inlineScriptAllowed
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#45 Type: bool Whether inline JS snippets are allowed
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
evalScriptAllowed
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#47 Type: bool Whether eval in JS scripts is allowed
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedScriptDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#49 Type: array Domains from which scripts can get loaded
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
inlineStyleAllowed
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#57 Type: bool Whether inline CSS is allowed TODO: Disallow per default
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedStyleDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#59 Type: array Domains from which CSS can get loaded
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedImageDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#63 Type: array Domains from which images can get loaded
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedConnectDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#69 Type: array Domains to which connections can be done
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedMediaDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#73 Type: array Domains from which media elements can be loaded
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedObjectDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#77 Type: array Domains from which object elements can be loaded
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedFrameDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#79 Type: array Domains from which iframes can be loaded
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedFontDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#81 Type: array Domains from which fonts can be loaded
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedChildSrcDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#86 Type: array Domains from which web-workers and nested browsing content can load elements
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedFrameAncestors
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#89 Type: array Domains which can embed this Nextcloud instance
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedWorkerSrcDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#94 Type: array Domains from which web-workers can be loaded
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
allowedFormActionDomains
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#97 Type: array Domains which can be used as target for forms
-
protected static property
OCP\AppFramework\Http\ContentSecurityPolicy::$
reportTo
¶ Source: lib/public/AppFramework/Http/ContentSecurityPolicy.php#102 Type: array Locations to report violations to