
Commit f2aef99

fixup! chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript
Signed-off-by: Christoph Wurst <[email protected]>
1 parent b157f86 commit f2aef99

3 files changed

+3
-25
lines changed


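--- a/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php
+++ b/tests/lib/AppFramework/Http/ContentSecurityPolicyTest.php
@@ -68,25 +68,9 @@ public function testGetPolicyDisallowScriptDomainMultipleStacked() {
 $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
 }
 
-public function testGetPolicyScriptAllowInline() {
-$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";
-
-$this->contentSecurityPolicy->allowInlineScript(true);
-$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
-}
-
-public function testGetPolicyScriptAllowInlineWithDomain() {
-$expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' www.owncloud.com 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";
-
-$this->contentSecurityPolicy->addAllowedScriptDomain('www.owncloud.com');
-$this->contentSecurityPolicy->allowInlineScript(true);
-$this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
-}
-
-public function testGetPolicyScriptDisallowInlineAndEval() {
+public function testGetPolicyScriptDisallowEval() {
 $expectedPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'";
 
-$this->contentSecurityPolicy->allowInlineScript(false);
 $this->contentSecurityPolicy->allowEvalScript(false);
 $this->assertSame($expectedPolicy, $this->contentSecurityPolicy->buildPolicy());
 }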
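Review bot: The renamed `testGetPolicyScriptDisallowEval` may not be able to tell `allowEvalScript(false)` apart from a no-op, because its expected string carries a bare `script-src 'self'`, which looks like what an untouched policy object would build (the class defaults are not visible here, so this is an inference). Calling `$this->contentSecurityPolicy->allowEvalScript(true);` before the `allowEvalScript(false)` line would make the test fail if the setter ever stopped clearing the flag. Separately, with both inline tests gone, the strict `assertSame` on `script-src 'self'` in this test is the only visible check in this section that `'unsafe-inline'` stays out of script-src, so it is worth keeping that comparison strict.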

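--- a/tests/lib/AppFramework/Http/ResponseTest.php
+++ b/tests/lib/AppFramework/Http/ResponseTest.php
@@ -67,7 +67,6 @@ public function testOverwriteCsp() {
 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self';font-src 'self' data:;connect-src 'self';media-src 'self'",
 ];
 $policy = new Http\ContentSecurityPolicy();
-$policy->allowInlineScript(true);
 
 $this->childResponse->setContentSecurityPolicy($policy);
 $headers = $this->childResponse->getHeaders();
@@ -77,7 +76,6 @@ public function testOverwriteCsp() {
 
 public function testGetCsp() {
 $policy = new Http\ContentSecurityPolicy();
-$policy->allowInlineScript(true);
 
 $this->childResponse->setContentSecurityPolicy($policy);
 $this->assertEquals($policy, $this->childResponse->getContentSecurityPolicy());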
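Review bot: The expected header in `testOverwriteCsp` (context line 67) still reads `script-src 'self' 'unsafe-inline'`, although the `allowInlineScript(true)` call that would have produced it is removed two lines below. The assertion of that test lies outside the hunk, so I cannot see how the string is compared; if the test still passes, the comparison is presumably not checking this value, and the fixture then describes a weaker policy than the class can emit any more. I would change the fragment to what the policy now builds (presumably `script-src 'self'`) and confirm the assertion really compares the `Content-Security-Policy` header. `testGetCsp` looks unaffected, since it compares the policy objects rather than a header string.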

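--- a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php
+++ b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php
@@ -56,7 +56,6 @@ public function testGetDefaultPolicyWithPolicies() {
 $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
 $policy->addAllowedFontDomain('example.com');
 $policy->addAllowedImageDomain('example.org');
-$policy->allowInlineScript(true);
 $policy->allowEvalScript(true);
 $this->contentSecurityPolicyManager->addDefaultPolicy($policy);
 $policy = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy();
@@ -66,7 +65,6 @@ public function testGetDefaultPolicyWithPolicies() {
 $this->contentSecurityPolicyManager->addDefaultPolicy($policy);
 
 $expected = new \OC\Security\CSP\ContentSecurityPolicy();
-$expected->allowInlineScript(true);
 $expected->allowEvalScript(true);
 $expected->addAllowedFontDomain('mydomain.com');
 $expected->addAllowedFontDomain('example.com');
@@ -75,7 +73,7 @@ public function testGetDefaultPolicyWithPolicies() {
 $expected->addAllowedImageDomain('anotherdomain.de');
 $expected->addAllowedImageDomain('example.org');
 $expected->addAllowedChildSrcDomain('childdomain');
-$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain;frame-ancestors 'self';form-action 'self' thirdDomain";
+$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain;frame-ancestors 'self';form-action 'self' thirdDomain";
 
 $this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy());
 $this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy());
@@ -96,7 +94,6 @@ public function testGetDefaultPolicyWithPoliciesViaEvent() {
 $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy();
 $policy->addAllowedFontDomain('example.com');
 $policy->addAllowedImageDomain('example.org');
-$policy->allowInlineScript(true);
 $policy->allowEvalScript(false);
 $e->addPolicy($policy);
 });
@@ -110,7 +107,6 @@ public function testGetDefaultPolicyWithPoliciesViaEvent() {
 });
 
 $expected = new \OC\Security\CSP\ContentSecurityPolicy();
-$expected->allowInlineScript(true);
 $expected->allowEvalScript(true);
 $expected->addAllowedFontDomain('mydomain.com');
 $expected->addAllowedFontDomain('example.com');
@@ -120,7 +116,7 @@ public function testGetDefaultPolicyWithPoliciesViaEvent() {
 $expected->addAllowedChildSrcDomain('childdomain');
 $expected->addAllowedFormActionDomain('thirdDomain');
 $expected->useStrictDynamic(true);
-$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain;frame-ancestors 'self';form-action 'self' thirdDomain";
+$expectedStringPolicy = "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: anotherdomain.de example.org;font-src 'self' data: mydomain.com example.com anotherFontDomain;connect-src 'self';media-src 'self';child-src childdomain;frame-ancestors 'self';form-action 'self' thirdDomain";
 
 $this->assertEquals($expected, $this->contentSecurityPolicyManager->getDefaultPolicy());
 $this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy());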
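Review bot: In `testGetDefaultPolicyWithPoliciesViaEvent` the listener's policy calls `allowEvalScript(false)` (new line 97), yet the expected merged policy has `allowEvalScript(true)` and `'unsafe-eval'` in script-src, and nothing in the test explains why. The contribution that turns eval on is outside these hunks, so this is inferred, but it looks as if the manager merges permissively, meaning a single contributor can relax script-src for every response. A comment above the `$expected` block would make that contract explicit for the next reader, for example `// merged policy is the union of all contributions: one allowEvalScript(true) wins over another policy's false`. Both test methods begin and end outside the hunks shown.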
