-
Lukas Reschke authoredPages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page. To stay completely backwards-compatible we should also add the nonce to the legacy CSP response. To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't. Signed-off-by:
Lukas Reschke <lukas@statuscode.ch>Lukas Reschke authoredPages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page. To stay completely backwards-compatible we should also add the nonce to the legacy CSP response. To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't. Signed-off-by:Lukas Reschke <lukas@statuscode.ch>