Ralph Slooten
be42df8e48
Referrer fix (no-referrer)
Blocking referrer information should be done with "no-referrer" and not "never". See
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Signed-off-by: Ralph Slooten <axllent@gmail.com>
2018-02-08 08:31:24 +13:00
Morris Jobke
a661f043e1
Remove unneeded semicolon and parentheses
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
John Molakvoæ (skjnldsv)
21fbcba68d
Removed unwanted and unused spacer
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-12-12 16:45:56 +01:00
Julius Härtl
699c64c750
Add manifest.json to the login page
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-09-12 09:23:13 +02:00
Morris Jobke
585e5c6ea5
Logo claim is not used anymore
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-02 23:08:45 +02:00
Michael Letzgus
0d320fba4b
Streamline templates, more DRY
Use Unified function to emit <link> tags for css loading, obey "Don't Repeat Yourself" ;-)
(Next step might be to combine this with the emit <script> function (even more DRY?) AND move all this to a better place?)
Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
2017-05-25 11:13:43 +02:00
Michael Letzgus
fb9f13d4c1
Make page loading faster by deferred script loading:
* Create generalized function for emitting <script defer src=""> tags to templates
* Remove type attribute from inline_js
* Add defer attribute to external <script> tags
Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
2017-05-20 13:44:04 +02:00
Lukas Reschke
26f7a3b462
Check if Nextcloud is installed
Fixes https://github.com/nextcloud/server/issues/4735
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-08 15:10:53 +02:00
Robin Appelman
c50b7addc7
smaller max logo sizes and cleaner code
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-02 13:01:11 -03:00
Robin Appelman
fa52f906e3
show non landscape icons bigger on the login page
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-01 19:05:21 +02:00
Jan-Christoph Borchardt
9a75714c22
rename confusing getMailHeaderColor to getColorPrimary, ref #3491
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-29 18:23:23 +02:00
Roeland Jago Douma
1ae56b054b
Moving the inline js before the CSS
This allows browsers to do smarter parallel downloads
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-28 22:02:22 +02:00
Jan-Christoph Borchardt
ea517b489f
use theming colors for favicon on macOS
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-27 15:45:56 +02:00
Roeland Jago Douma
6dbe417c51
Inline oc.js if possible!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:18 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Resources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce."
At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API), they now must also include that attribute.
IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.
Implementing this offers the following advantages:
1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.
If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
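The nonce scheme this commit message describes, as an added PHP example that is not Nextcloud's code or part of the commit. The helper names, the token shape and the script path are assumptions, and `isScriptAllowed` is a simplified model of a CSP v2 browser's check.

```php
<?php
declare(strict_types=1);

// Constructed request token (assumed "<value>:<secret>" shape). ':' is not valid
// in a nonce, which is why the commit wraps the token in base64_encode().
$requestToken = bin2hex(random_bytes(16)) . ':' . bin2hex(random_bytes(16));
$nonce = base64_encode($requestToken);

/** Hypothetical helper: nonce policy for CSP v2 browsers, 'self' for the rest. */
function buildScriptSrc(string $nonce, bool $supportsCsp2): string {
    return $supportsCsp2 ? "script-src 'nonce-{$nonce}'" : "script-src 'self'";
}

/** Hypothetical helper: emit an external script tag that carries the nonce. */
function scriptTag(string $src, string $nonce): string {
    return sprintf('<script nonce="%s" defer src="%s"></script>',
        htmlspecialchars($nonce, ENT_QUOTES), htmlspecialchars($src, ENT_QUOTES));
}

/** Simplified model of a CSP v2 browser's decision for one script element. */
function isScriptAllowed(string $policy, ?string $tagNonce, bool $inline): bool {
    $sources = preg_split('/\s+/', trim($policy));
    array_shift($sources); // drop the directive name
    $nonces = [];
    foreach ($sources as $source) {
        if (preg_match('/^\'nonce-(.+)\'$/', $source, $m)) {
            $nonces[] = $m[1];
        }
    }
    if ($tagNonce !== null && in_array($tagNonce, $nonces, true)) {
        return true; // a matching nonce allows the script wherever it is hosted
    }
    if ($inline) {
        // 'unsafe-inline' is ignored as soon as the policy contains a nonce
        return $nonces === [] && in_array("'unsafe-inline'", $sources, true);
    }
    return in_array("'self'", $sources, true); // model: external file is same-origin
}

$policy = buildScriptSrc($nonce, true);
echo 'Content-Security-Policy: ', $policy, PHP_EOL;
echo scriptTag('/core/js/example.js', $nonce), PHP_EOL; // hypothetical path
// Three cases: tag with the nonce, injected inline script without it,
// and the same inline script when 'unsafe-inline' is appended to the policy.
var_dump(isScriptAllowed($policy, $nonce, false));
var_dump(isScriptAllowed($policy, null, true));
var_dump(isScriptAllowed("$policy 'unsafe-inline'", null, true));
```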
Hendrik Leppelsack
c47833718f
remove svg classes
2016-07-01 16:36:37 +02:00
Hendrik Leppelsack
e5d8726859
remove ie8+9 support
2016-06-23 12:34:53 +02:00
C. Montero Luque
0393e80c7c
Merge pull request #16857 from owncloud/printStylesheets
Support for print stylesheets
2016-03-31 22:13:44 +02:00
Daniel Aleksandersen
7a45f05ed5
Stupid clients only literally understand rel="icon"
rel="shortcut icon" hasn’t been relevant in years, isn’t in any
standards, and causes problems for simple pattern matching clients.
https://www.w3.org/TR/html/links.html#linkTypes
2016-03-08 21:09:34 +01:00
Hendrik Leppelsack
99b9ec41c1
support print stylesheets
2016-01-13 15:12:11 +01:00
Thomas Müller
2e8d8bf4ef
Merge pull request #20236 from maprambo/safari-pinned-tab-icon
added Safari tabbed pin icon
2015-11-09 11:12:38 +01:00
maprambo
edb1fee610
Added Safari tabbed pin icon
Added the necessary code and a black and inverted version of the favicon/ touch icon in svg format
2015-11-04 19:31:17 +01:00
Morris Jobke
069ed71dbe
Add favicon for IE 8+
2015-11-03 14:24:20 +01:00
Lukas Reschke
436c149fbb
Prevent referer from being sent
Nice hardening for enhanced privacy. Especially useful when using embedded viewers such as files_pdfviewer.
2015-09-09 18:07:43 +02:00
Jan-Christoph Borchardt
0b27bcba76
add theme-color for better Android browser integration
2015-07-29 18:16:01 +02:00
Volker E
599ee5ce4e
fixing #15023, getting comments out of HTML output
2015-03-21 07:10:46 +01:00
Volker E
0d0c73cf2b
fixing #15011 by adding ARIA roles where distinct
2015-03-18 19:29:15 +01:00
Volker E
790324b313
addressing #14984 removing redundant type attributes
2015-03-18 05:33:17 +01:00
Volker E
4c46d0c46c
addressing #14983 obsolete Google Chrome Frame
2015-03-18 02:11:47 +01:00
Volker E
6ad76b5cc2
addressing #14982 self-closing tags ending slash doesn't have a purpose & should be removed
2015-03-17 23:57:23 +01:00
Volker E
25b77159c4
addressing #14979 meta charset declaration should be first in head
2015-03-17 23:36:05 +01:00
Volker E
f3cd552797
addressing #14978 - remove html root classes targeting IE6/IE7
2015-03-17 22:35:20 +01:00
Joas Schilling
4172ba48d4
Deduplicate template code and do not translate the links
2015-02-09 16:01:52 +01:00
Lukas Reschke
b432ea29c9
Add `rel="noreferrer"` where possible and switch to HTTPS
Just to follow good practice and prevent some automated scanners from complaining about "Cross-domain Referer leakage".
2015-02-04 16:25:37 +01:00
Jan-Christoph Borchardt
ea548cdaaa
fix accessibility of logos
2014-12-18 10:51:41 +01:00
Jan-Christoph Borchardt
45c6ec8582
introduce h1, use either ownCloud name or current app name
2014-11-06 13:26:38 +01:00
Lukas Reschke
510d0b2cf3
Fix the "addHeader($tag, $attributes, $text)" methods to not ignore the $text parameter
Also support closing tags with no text content given
Conflicts:
lib/private/template.php
2014-10-28 11:15:58 +01:00
Clark Tomlinson
ca5abe5744
Setting moment locale based on user selection
2014-10-23 10:32:47 -04:00
Morris Jobke
06eb3b62c6
Merge pull request #10109 from owncloud/issue_#9793_guestlayout
Step one, open guest layout for different styles.
2014-09-15 15:15:41 +02:00
Lukas Reschke
7d2c521b46
Step one, open guest layout for different styles.
Conflicts:
core/templates/layout.guest.php
Step one, open guest layout for different styles.
2014-09-11 11:41:02 +02:00
Lukas Reschke
bce5c2dae9
Add X-UA-Compatible to all templates
Replaces https://github.com/owncloud/core/pull/10850
2014-09-11 10:28:52 +02:00
Jan-Christoph Borchardt
71e10b66d9
Merge pull request #10944 from owncloud/fix-nojavascript-style
fix no-JS message, and add it to log in and shared as well cause they don’t work without JS
2014-09-08 21:58:54 +02:00
Jan-Christoph Borchardt
bd56619e7a
also add no-JavaScript notice to log in and sharing pages because they do not work without JS either
2014-09-08 18:07:20 +02:00
Pascal de Bruijn
73f50287ff
templates: use p() for getiTunesAppId
2014-08-28 10:12:59 +02:00
Pascal de Bruijn
49da0a7943
defaults: add customizable defaultiTunesAppId
2014-08-27 14:07:39 +02:00
Clark Tomlinson
e0a8321b23
Adding type to favicon
2014-08-22 16:26:39 -04:00
Thomas Müller
cbe3595f64
using flush() here is pointless as we render the layout into a memory buffer and actually transmit the data later
2014-08-08 15:44:11 +02:00
Morris Jobke
cea7d4961e
move to updated version of placeholder
2014-06-03 16:18:06 +02:00
Jan-Christoph Borchardt
60efa0f1c8
Merge pull request #8140 from owncloud/login-valign
Vertically align public layout to better fit small mobile screens
2014-05-15 15:06:52 +02:00