mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00

Adapt CSPv3 disabling patch and add a patch to allow eval in JS scripts for YunoHost tile

Jimmy Monin 2018-12-21 00:09:01 +01:00
parent ac68f6a57e
commit 33c3ecb3dc
2 changed files with 24 additions and 7 deletions


@ -1,9 +1,9 @@
lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ .../Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-) 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 088fb2d859..15b05b75d1 100644 index 795d8cc864..5f3c961445 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php --- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager { @@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager {
@ -18,16 +18,16 @@ index 088fb2d859..15b05b75d1 100644
Request::USER_AGENT_CHROME, Request::USER_AGENT_CHROME,
// Firefox 45+ // Firefox 45+
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 6397d32cb9..32281a1734 100644 index 3fcef1d0ef..7ce01a68fc 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php --- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -406,7 +406,8 @@ class EmptyContentSecurityPolicy { @@ -449,7 +449,8 @@ class EmptyContentSecurityPolicy {
if(!empty($this->allowedFontDomains)) { if(!empty($this->allowedFontDomains)) {
$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
- $policy .= ';'; - $policy .= ';';
+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script + // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
+ $policy .= ' data:;'; + $policy .= ' data:;';
} }
if(!empty($this->allowedConnectDomains)) { if(!empty($this->allowedConnectDomains)) {


@ -0,0 +1,17 @@
lib/public/AppFramework/Http/ContentSecurityPolicy.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
index e9ecf00036..8e69c8d2dc 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -44,7 +44,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed */
protected $inlineScriptAllowed = false;
/** @var bool Whether eval in JS scripts is allowed */
- protected $evalScriptAllowed = false;
+ // YunoHost patch: allow for eval in JS scripts for YunoHost tile
+ protected $evalScriptAllowed = true;
/** @var array Domains from which scripts can get loaded */
protected $allowedScriptDomains = [
'\'self\'',
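Review bot: Changing the class default to `protected $evalScriptAllowed = true;` relaxes the policy for every response built from ContentSecurityPolicy, not only the pages that embed the YunoHost tile. The flag presumably ends up as `'unsafe-eval'` in script-src, which removes one of the CSP's main mitigations against script injection across the whole instance. Prefer keeping `protected $evalScriptAllowed = false;` and either making the tile script work without eval or opting in only on the responses where the tile is injected. If the global default has to stay, the comment should state the cost, e.g. `// YunoHost patch: enables eval for ALL pages (weakens XSS protection); needed by the YunoHost tile script`, and it would sit better above the `/** @var bool ... */` docblock than between the docblock and the property. The class body continues outside the hunk, so how the flag is consumed cannot be confirmed from here.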