/**
 * Two media domains added one after another must both show up in the
 * media-src directive, after 'self' and in the order they were added.
 *
 * The expected string also pins the rest of the policy as the fixture
 * produces it (the fixture setup is outside this block): default-src 'none',
 * 'unsafe-eval' in script-src and 'unsafe-inline' in style-src. If those
 * relaxations are ever tightened, this literal has to change with them.
 */
public function testGetPolicyMediaDomainValidMultiple() {
    // Register the hosts first; insertion order is what the assertion checks.
    $mediaHosts = ['www.owncloud.com', 'www.owncloud.org'];
    foreach ($mediaHosts as $host) {
        $this->contentSecurityPolicy->addAllowedMediaDomain($host);
    }

    // One directive per line; the concatenation yields the exact header value.
    $expected = "default-src 'none';"
        . "script-src 'self' 'unsafe-eval';"
        . "style-src 'self' 'unsafe-inline';"
        . "img-src 'self';"
        . "font-src 'self';"
        . "connect-src 'self';"
        . "media-src 'self' www.owncloud.com www.owncloud.org";

    $this->assertSame($expected, $this->contentSecurityPolicy->buildPolicy());
}
/**
 * Render the 'online' template in the 'blank' render mode and attach a
 * fully permissive Content-Security-Policy to the response.
 *
 * NOTE(review): the two capitalised annotations below are presumably read
 * by the framework at request time (page reachable without login, CSRF
 * check skipped) - confirm, and keep them verbatim.
 *
 * SECURITY: every source list set here is the wildcard '*', and inline
 * script, inline style and eval are all enabled. For this response the
 * policy therefore restricts nothing: it does not limit where script,
 * frames, objects or connections may come from, so it offers no
 * defence-in-depth if markup injection reaches the 'online' template.
 * TODO(review): replace the wildcards with the specific origin(s) this
 * page has to load from, and drop the inline/eval allowances that the
 * template does not strictly need.
 *
 * @PublicPage
 * @NoCSRFRequired
 *
 * @return TemplateResponse
 */
public function showLibreOnline() {
    // The template only receives the URL generator.
    $page = new TemplateResponse(
        $this->appName,
        'online',
        ['urlGenerator' => $this->urlGenerator],
        'blank'
    );

    $csp = new ContentSecurityPolicy();

    // Source lists: each one is opened to any origin.
    $csp->addAllowedChildSrcDomain('*');
    $csp->addAllowedScriptDomain('*');
    $csp->addAllowedConnectDomain('*');
    $csp->addAllowedStyleDomain('*');
    $csp->addAllowedMediaDomain('*');
    $csp->addAllowedFontDomain('*');
    $csp->addAllowedImageDomain('*');
    $csp->addAllowedFrameDomain('*');
    $csp->addAllowedObjectDomain('*');

    // Inline and eval allowances: with these on, injected markup can execute.
    $csp->allowInlineScript(true);
    $csp->allowInlineStyle(true);
    $csp->allowEvalScript(true);

    $page->setContentSecurityPolicy($csp);

    return $page;
}