/**
 * Configures one allowed host for every directive through the fluent
 * setters (and disables inline style / eval) and checks that buildPolicy()
 * emits the directives in the expected order with those hosts.
 */
public function testConfigureStacked() {
    $expectedPolicy = "default-src 'none';script-src 'self' script.owncloud.org;style-src 'self' style.owncloud.org;img-src 'self' img.owncloud.org;font-src 'self' font.owncloud.org;connect-src 'self' connect.owncloud.org;media-src 'self' media.owncloud.org;object-src objects.owncloud.org;frame-src frame.owncloud.org;child-src child.owncloud.org";

    $policy = $this->contentSecurityPolicy;

    // Tighten the two relaxations first, then add one host per directive.
    $policy->allowInlineStyle(false);
    $policy->allowEvalScript(false);
    $policy->addAllowedScriptDomain('script.owncloud.org');
    $policy->addAllowedStyleDomain('style.owncloud.org');
    $policy->addAllowedFontDomain('font.owncloud.org');
    $policy->addAllowedImageDomain('img.owncloud.org');
    $policy->addAllowedConnectDomain('connect.owncloud.org');
    $policy->addAllowedMediaDomain('media.owncloud.org');
    $policy->addAllowedObjectDomain('objects.owncloud.org');
    $policy->addAllowedChildSrcDomain('child.owncloud.org');
    $policy->addAllowedFrameDomain('frame.owncloud.org');

    $this->assertSame($expectedPolicy, $policy->buildPolicy());
}
/**
 * @PublicPage
 * @NoCSRFRequired
 *
 * Renders the 'online' template (blank layout) with a Content-Security-Policy
 * that allows every source for every directive, plus inline script, inline
 * style and eval.
 *
 * NOTE(review): with `*` on each directive and the three unsafe-* relaxations
 * enabled, the policy attached to this response effectively constrains
 * nothing. If the office server's origin is known from configuration,
 * restricting the directives to that origin would restore the protection
 * CSP is meant to provide — TODO confirm which origin is required.
 *
 * @return TemplateResponse
 */
public function showLibreOnline() {
    $response = new TemplateResponse(
        $this->appName,
        'online',
        ['urlGenerator' => $this->urlGenerator],
        'blank'
    );

    $policy = new ContentSecurityPolicy();

    // Open every source directive to any origin.
    $policy->addAllowedChildSrcDomain('*');
    $policy->addAllowedScriptDomain('*');
    $policy->addAllowedConnectDomain('*');
    $policy->addAllowedStyleDomain('*');
    $policy->addAllowedMediaDomain('*');
    $policy->addAllowedFontDomain('*');
    $policy->addAllowedImageDomain('*');
    $policy->addAllowedFrameDomain('*');
    $policy->addAllowedObjectDomain('*');

    // Enable the unsafe-inline / unsafe-eval relaxations.
    $policy->allowInlineScript(true);
    $policy->allowInlineStyle(true);
    $policy->allowEvalScript(true);

    $response->setContentSecurityPolicy($policy);

    return $response;
}
/**
 * Disabling inline style must drop 'unsafe-inline' from style-src while
 * leaving the remaining default directives untouched.
 */
public function testGetPolicyStyleDisallowInline() {
    $policy = $this->contentSecurityPolicy;
    $policy->allowInlineStyle(false);

    $expectedPolicy = "default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'";

    $this->assertSame($expectedPolicy, $policy->buildPolicy());
}