Merge pull request #1074 from nextcloud/backport-1050
Backport of fix internal links in security & setup warnings #1050
This commit is contained in:
commit
c8d90cca29
|
@ -263,6 +263,7 @@
|
|||
var messages = [];
|
||||
|
||||
if (xhr.status === 200) {
|
||||
var tipsUrl = OC.generateUrl('settings/admin/tips-tricks');
|
||||
if(OC.getProtocol() === 'https') {
|
||||
// Extract the value of 'Strict-Transport-Security'
|
||||
var transportSecurityValidity = xhr.getResponseHeader('Strict-Transport-Security');
|
||||
|
@ -278,13 +279,13 @@
|
|||
var minimumSeconds = 15552000;
|
||||
if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) {
|
||||
messages.push({
|
||||
msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}" rel="noreferrer">security tips</a>.', {'seconds': minimumSeconds, docUrl: '#admin-tips'}),
|
||||
msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}" rel="noreferrer">security tips</a>.', {'seconds': minimumSeconds, docUrl: tipsUrl}),
|
||||
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
||||
});
|
||||
}
|
||||
} else {
|
||||
messages.push({
|
||||
msg: t('core', 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="{docUrl}">security tips</a>.', {docUrl: '#admin-tips'}),
|
||||
msg: t('core', 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="{docUrl}">security tips</a>.', {docUrl: tipsUrl}),
|
||||
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
||||
});
|
||||
}
|
||||
|
|
|
@ -496,7 +496,7 @@ describe('OC.SetupChecks tests', function() {
|
|||
|
||||
async.done(function( data, s, x ){
|
||||
expect(data).toEqual([{
|
||||
msg: 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="#admin-tips">security tips</a>.',
|
||||
msg: 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.',
|
||||
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
||||
}]);
|
||||
done();
|
||||
|
@ -542,7 +542,7 @@ describe('OC.SetupChecks tests', function() {
|
|||
|
||||
async.done(function( data, s, x ){
|
||||
expect(data).toEqual([{
|
||||
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.',
|
||||
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="http://localhost/index.php/settings/admin/tips-tricks" rel="noreferrer">security tips</a>.',
|
||||
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
||||
}]);
|
||||
done();
|
||||
|
@ -567,7 +567,7 @@ describe('OC.SetupChecks tests', function() {
|
|||
|
||||
async.done(function( data, s, x ){
|
||||
expect(data).toEqual([{
|
||||
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.',
|
||||
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="http://localhost/index.php/settings/admin/tips-tricks" rel="noreferrer">security tips</a>.',
|
||||
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
||||
}]);
|
||||
done();
|
||||
|
@ -592,7 +592,7 @@ describe('OC.SetupChecks tests', function() {
|
|||
|
||||
async.done(function( data, s, x ){
|
||||
expect(data).toEqual([{
|
||||
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.',
|
||||
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="http://localhost/index.php/settings/admin/tips-tricks" rel="noreferrer">security tips</a>.',
|
||||
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
||||
}]);
|
||||
done();
|
||||
|
|
|
@ -145,7 +145,7 @@
|
|||
<ul class="warnings hidden"></ul>
|
||||
<ul class="info hidden"></ul>
|
||||
<p class="hint hidden">
|
||||
<?php print_unescaped($l->t('Please double check the <a target="_blank" rel="noreferrer" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="#log-section">log</a>.', link_to_docs('admin-install'))); ?>
|
||||
<?php print_unescaped($l->t('Please double check the <a target="_blank" rel="noreferrer" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="%s">log</a>.', [link_to_docs('admin-install'), \OC::$server->getURLGenerator()->linkToRoute('settings.AdminSettings.index', ['section' => 'logging'])] )); ?>
|
||||
</p>
|
||||
</div>
|
||||
<div id="security-warning-state">
|
||||
|
|
Loading…
Reference in New Issue