Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add worker-src to CSP #11040

Merged
merged 2 commits into from
Sep 4, 2018
Merged

Add worker-src to CSP #11040

merged 2 commits into from
Sep 4, 2018

Conversation

rullzer
Copy link
Member

@rullzer rullzer commented Sep 3, 2018

Fixes #11035

@rullzer rullzer added enhancement 3. to review Waiting for reviews labels Sep 3, 2018
@rullzer rullzer added this to the Nextcloud 15 milestone Sep 3, 2018
@skjnldsv
Copy link
Member

skjnldsv commented Sep 3, 2018

I have no idea how to review this :/
Any hint? :)

ChristophWurst
ChristophWurst previously requested changes Sep 4, 2018
View reviewed changes
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php Outdated
* @since 15.0.0
*/
public function disallowWorkerSrcDomain(string $domain) {
$this->allowedWorkerSrcDomains[] = array_diff($this->allowedWorkerSrcDomains, [$domain]);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't seem right.

$ php -a
Interactive shell

php > $arr = [1, 2, 3];
php > print_r($arr);
Array
(
    [0] => 1
    [1] => 2
    [2] => 3
)
php > $arr[] = array_diff($arr, [2]);
php > print_r($arr);
Array
(
    [0] => 1
    [1] => 2
    [2] => 3
    [3] => Array
        (
            [0] => 1
            [2] => 3
        )

)
php >

But

php > $arr = [1, 2, 3];
php > $arr = array_diff($arr, [2]);
php > print_r($arr);
Array
(
    [0] => 1
    [2] => 3
)
php >

does 😉

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

woeps

@rullzer
Add workerSrc to CSP
c8fe4b4 
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer
Deprecate the childSrc functions
8354c50 
Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer
Copy link
Member Author

rullzer commented Sep 4, 2018

@skjnldsv it is mostly following the code. The CSP is pretty straight forward.

ChristophWurst
ChristophWurst approved these changes Sep 4, 2018
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes looks good and kinda make sense 🐘

@rullzer rullzer merged commit 52012be into master Sep 4, 2018
@rullzer rullzer deleted the feature/11035/worker-src branch September 4, 2018 07:50
@GTVolk GTVolk mentioned this pull request Dec 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@blizzz blizzz Awaiting requested review from blizzz

@juliushaertl juliushaertl Awaiting requested review from juliushaertl

Assignees
No one assigned
Labels
3. to review Waiting for reviews enhancement
Projects
None yet
Milestone
Nextcloud 15
Development

Successfully merging this pull request may close these issues.
3 participants
@rullzer @skjnldsv @ChristophWurst