CSP: Allow an option of disabling nonces
author Brian Wolff <bawolff+wn@gmail.com>
Mon, 2 Jul 2018 06:52:51 +0000 (06:52 +0000)
committer Jforrester <jforrester@wikimedia.org>
Tue, 10 Jul 2018 00:12:32 +0000 (00:12 +0000)
commit 53a18d12949029f365d7de7d24d12e61333513a1
tree 4c428721688b2db17929f57a280abd97f4827247
parent 60557e0370980e23a9f07ab412ccd73e10223652
CSP: Allow an option of disabling nonces

The current rollout plan calls for initial rollout to only
disallow external JS, and leave removing unsafe inline stuff
to a later date. Thus this adds a useNonces option to the CSP
config to allow that.

Renamed ContentSecurityPolicy::isEnabled() to isNonceRequired
for clarity. The old name has never been in a released version
of MediaWiki, so is removed immediately.

Change-Id: I756d8e97b77c6f97dbbf040a20c8750fecb157c5
includes/ContentSecurityPolicy.php
includes/DefaultSettings.php
includes/Html.php
includes/OutputPage.php
tests/phpunit/includes/ContentSecurityPolicyTest.php