
Commit 6e5be85

fix(csp): replace removed addAllowedChildSrcDomain with addAllowedFrameDomain
addAllowedChildSrcDomain was removed from the server in nextcloud/server#59544. Replace with addAllowedFrameDomain which, together with the existing addAllowedWorkerSrcDomain, covers the same scope as child-src. AI-Assisted-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Anna Larch <anna@nextcloud.com>
1 parent 9da4c7f commit 6e5be85

2 files changed

Lines changed: 10 additions & 10 deletions


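--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -262,8 +262,8 @@ protected function pageHandler(
 $csp->addAllowedMediaDomain('blob:');
 $csp->addAllowedWorkerSrcDomain('blob:');
 $csp->addAllowedWorkerSrcDomain("'self'");
-$csp->addAllowedChildSrcDomain('blob:');
-$csp->addAllowedChildSrcDomain("'self'");
+$csp->addAllowedFrameDomain('blob:');
+$csp->addAllowedFrameDomain("'self'");
 $csp->addAllowedScriptDomain('blob:');
 $csp->addAllowedScriptDomain("'self'");
 $csp->addAllowedScriptDomain("'wasm-unsafe-eval'");
@@ -329,8 +329,8 @@ public function recording(string $token): Response {
 $csp->addAllowedMediaDomain('blob:');
 $csp->addAllowedWorkerSrcDomain('blob:');
 $csp->addAllowedWorkerSrcDomain("'self'");
-$csp->addAllowedChildSrcDomain('blob:');
-$csp->addAllowedChildSrcDomain("'self'");
+$csp->addAllowedFrameDomain('blob:');
+$csp->addAllowedFrameDomain("'self'");
 $csp->addAllowedScriptDomain('blob:');
 $csp->addAllowedScriptDomain("'self'");
 $csp->addAllowedScriptDomain("'wasm-unsafe-eval'");
@@ -417,8 +417,8 @@ protected function guestEnterRoom(
 $csp->addAllowedMediaDomain('blob:');
 $csp->addAllowedWorkerSrcDomain('blob:');
 $csp->addAllowedWorkerSrcDomain("'self'");
-$csp->addAllowedChildSrcDomain('blob:');
-$csp->addAllowedChildSrcDomain("'self'");
+$csp->addAllowedFrameDomain('blob:');
+$csp->addAllowedFrameDomain("'self'");
 $csp->addAllowedScriptDomain('blob:');
 $csp->addAllowedScriptDomain("'self'");
 $csp->addAllowedScriptDomain("'wasm-unsafe-eval'");
@@ -476,8 +476,8 @@ protected function invitedEmail(
 $csp->addAllowedMediaDomain('blob:');
 $csp->addAllowedWorkerSrcDomain('blob:');
 $csp->addAllowedWorkerSrcDomain("'self'");
-$csp->addAllowedChildSrcDomain('blob:');
-$csp->addAllowedChildSrcDomain("'self'");
+$csp->addAllowedFrameDomain('blob:');
+$csp->addAllowedFrameDomain("'self'");
 $csp->addAllowedScriptDomain('blob:');
 $csp->addAllowedScriptDomain("'self'");
 $csp->addAllowedScriptDomain("'wasm-unsafe-eval'");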
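Review bot: `frame-src` now allows `blob:` in pageHandler, recording, guestEnterRoom and invitedEmail, but nothing in these hunks shows that any of these pages embeds a blob: document in a frame. In browsers that honour `worker-src`, which already lists `blob:` and `'self'` here, the removed child-src entries effectively governed only nested browsing contexts, so a like-for-first swap carries the broad grant forward without confirming it is still needed. If `'self'` alone is enough, drop `$csp->addAllowedFrameDomain('blob:');`; if not, record the reason next to it, e.g. `// frame-src blob: needed for <feature>`. The same call block is repeated in all four methods, each of which continues outside its hunk, so a single private helper that applies the policy would keep the copies from drifting apart on the next CSP change.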

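--- a/lib/Listener/CSPListener.php
+++ b/lib/Listener/CSPListener.php
@@ -35,8 +35,8 @@ public function handle(Event $event): void {
 $csp->addAllowedMediaDomain('blob:');
 $csp->addAllowedWorkerSrcDomain('blob:');
 $csp->addAllowedWorkerSrcDomain("'self'");
-$csp->addAllowedChildSrcDomain('blob:');
-$csp->addAllowedChildSrcDomain("'self'");
+$csp->addAllowedFrameDomain('blob:');
+$csp->addAllowedFrameDomain("'self'");
 $csp->addAllowedScriptDomain('blob:');
 $csp->addAllowedScriptDomain("'self'");
 $csp->addAllowedScriptDomain("'wasm-unsafe-eval'");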
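Review bot: The reach of the `frame-src blob:` grant in handle() cannot be judged from this hunk, because the method starts above it and any early return or route check is out of view. A listener-applied policy may be merged into responses well beyond the call UI, in which case the frame allowance would widen the CSP for pages that never need it. A short comment above the two new calls would make the intent reviewable, e.g. `// frame-src replaces the removed child-src (nextcloud/server#59544); blob: needed for <feature>`. If no framed blob: content is needed on those pages, keeping only `$csp->addAllowedFrameDomain("'self'");` is the tighter choice.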
