Allow "wasm-unsafe-eval" in CSP

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
nextcloud · Oct 26, 2023 · 321610c · 321610c
1 parent cdb68bb
commit 321610c
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/developer_manual/app_publishing_maintenance/app_upgrade_guide/upgrade_to_28.rst b/developer_manual/app_publishing_maintenance/app_upgrade_guide/upgrade_to_28.rst
@@ -41,6 +41,11 @@ Added APIs
   * ``files:node:moved``: the node has been moved (and its data is already updated)
   * ``files:node:updated``: the node data has been updated
 
+* ``\OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowEvalWasm(bool)``: sets ``wasm-unsafe-eval`` in ``script-src`` of the Content Security Policy `to allow compilation and execution of WebAssembly on the page <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution>`_
+
+  * ``wasm-unsafe-eval`` is `supported by most browsers <https://caniuse.com/mdn-http_headers_content-security-policy_script-src_wasm-unsafe-eval>`_
+  * WebAssembly compilation and execution in worker threads is not affected by this directive (browsers allow compilation and execution of WebAssembly in worker threads by default)
+
 Changed APIs
 ^^^^^^^^^^^^