IContentSecurityPolicyManager.php 1.8 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Lukas Reschke <lukas@statuscode.ch>
  6. *
  7. * @license AGPL-3.0
  8. *
  9. * This code is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License, version 3,
  11. * as published by the Free Software Foundation.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License, version 3,
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>
  20. *
  21. */
  22. namespace OCP\Security;
  23. use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
  24. /**
  25. * Used for Content Security Policy manipulations
  26. *
  27. * @package OCP\Security
  28. * @since 9.0.0
  29. */
  30. interface IContentSecurityPolicyManager {
  31. /**
  32. * Allows to inject something into the default content policy. This is for
  33. * example useful when you're injecting Javascript code into a view belonging
  34. * to another controller and cannot modify its Content-Security-Policy itself.
  35. * Note that the adjustment is only applied to applications that use AppFramework
  36. * controllers.
  37. *
  38. * To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,
  39. * $policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.
  40. *
  41. * WARNING: Using this API incorrectly may make the instance more insecure.
  42. * Do think twice before adding whitelisting resources. Please do also note
  43. * that it is not possible to use the `disallowXYZ` functions.
  44. *
  45. * @param EmptyContentSecurityPolicy $policy
  46. * @since 9.0.0
  47. */
  48. public function addDefaultPolicy(EmptyContentSecurityPolicy $policy);
  49. }