mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
47,092 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

16 Commits

Author SHA1 Message Date
Oliver Wegner 401ca28f07 Adding handling of CIDR notation to trusted_proxies for IPv4 
Signed-off-by: Oliver Wegner <void1976@gmail.com>
 2018-10-30 09:15:42 +01:00
Roeland Jago Douma d179186430
Remove testcase 
Since a token now always requires a string we don't need to test for
null

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-05 16:14:46 +01:00
Roeland Jago Douma 0ee45d3d20
Fix proper types 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-22 15:51:19 +01:00
Bjoern Schiessle f0202245ee
allow 'Nextcloud' in the user agent string of Android 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-12-12 12:16:01 +01:00
Morris Jobke 43e498844e
Use ::class in test mocks 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-10-24 17:45:32 +02:00
Roeland Jago Douma c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-24 21:07:16 +02:00
Roeland Jago Douma 2a9192334e
Don't try to parse empty body if there is no body 
Fixes #3890

If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.

See RFC 2616 Section 4.3

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-04 08:22:33 +02:00
Robin Appelman 9a8cef965f
add test for skipping cookie checks for ocs 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-10 14:11:00 +01:00
Christoph Wurst 5e728d0eda oc_token should be nc_token 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-02-02 21:56:44 +01:00
Lukas Reschke a05b8b7953
Harden cookies more appropriate 
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-23 12:53:44 +01:00
Joas Schilling c20ab0049f
Identify Chromium as Chrome 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-26 12:07:10 +02:00
Joas Schilling f9cea0b582 Merge pull request #797 from nextcloud/only-match-for-auth-cookie 
Match only for actual session cookie
 2016-08-31 15:59:16 +02:00
Lukas Reschke d50e7ee36c
Remove reading PATH_INFO from server variable 
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
 2016-08-19 14:48:13 +02:00
Lukas Reschke b53ea18ea5
Match only for actual session cookie 
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
 2016-08-09 19:23:08 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master 
Fixes https://github.com/nextcloud/server/issues/50
 2016-07-20 18:37:57 +02:00
Joas Schilling 94ad54ec9b Move tests/ to PSR-4 (#24731) 
* Move a-b to PSR-4

* Move c-d to PSR-4

* Move e+g to PSR-4

* Move h-l to PSR-4

* Move m-r to PSR-4

* Move s-u to PSR-4

* Move files/ to PSR-4

* Move remaining tests to PSR-4

* Remove Test\ from old autoloader
 2016-05-20 15:38:20 +02:00