StrictContentSecurityPolicy¶
-
class
OCP\AppFramework\Http\StrictContentSecurityPolicy¶ - Class StrictContentSecurityPolicy is a simple helper which allows applications tomodify the Content-Security-Policy sent by Nextcloud. Per default only JavaScript,stylesheets, images, fonts, media and connections from the same domain(‘self’) are allowed.Even if a value gets modified above defaults will still get appended. Pleasenotice that Nextcloud ships already with sensible defaults and those policiesshould require no modification at all for most use-cases.This class represents out strictest defaults. They may get change from releaseto release if more strict CSP directives become available.
Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#45 Parent: OCP\AppFramework\Http\EmptyContentSecurityPolicy
Properties¶
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$inlineScriptAllowed¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#47 Type: bool Whether inline JS snippets are allowed
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$evalScriptAllowed¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#49 Type: bool Whether eval in JS scripts is allowed
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedScriptDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#51 Type: array Domains from which scripts can get loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$inlineStyleAllowed¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#55 Type: bool Whether inline CSS is allowed
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedStyleDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#57 Type: array Domains from which CSS can get loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedImageDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#61 Type: array Domains from which images can get loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedConnectDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#67 Type: array Domains to which connections can be done
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedMediaDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#71 Type: array Domains from which media elements can be loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedObjectDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#75 Type: array Domains from which object elements can be loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedFrameDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#77 Type: array Domains from which iframes can be loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedFontDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#79 Type: array Domains from which fonts can be loaded
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedChildSrcDomains¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#83 Type: array Domains from which web-workers and nested browsing content can load elements
-
protected static property
OCP\AppFramework\Http\StrictContentSecurityPolicy::$allowedFrameAncestors¶ Source: lib/public/AppFramework/Http/StrictContentSecurityPolicy.php#86 Type: array Domains which can embed this Nextcloud instance