fix(CSP): Add CSP nonce by default and convert browserSupportsCspV3…

… to blocklist Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
nextcloud · Mar 26, 2024 · 5a513c9 · 5a513c9
1 parent 4121b84
commit 5a513c9
Showing 1 changed file with 5 additions and 8 deletions.
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -65,17 +65,14 @@ public function getNonce(): string {
 	 * Check if the browser supports CSP v3
 	 */
 	public function browserSupportsCspV3(): bool {
-		$browserWhitelist = [
-			Request::USER_AGENT_CHROME,
-			Request::USER_AGENT_FIREFOX,
-			Request::USER_AGENT_SAFARI,
-			Request::USER_AGENT_MS_EDGE,
+		$browserBlocklist = [
+			Request::USER_AGENT_IE,
 		];
 
-		if ($this->request->isUserAgent($browserWhitelist)) {
-			return true;
+		if ($this->request->isUserAgent($browserBlocklist)) {
+			return false;
 		}
 
-		return false;
+		return true;
 	}
 }