a05b8b7953
Harden cookies more appropriate
...
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.
See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.
Fixes https://github.com/nextcloud/server/issues/1412
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
c20ab0049f
Identify Chromium as Chrome
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-26 12:07:10 +02:00
f9cea0b582
Merge pull request #797 from nextcloud/only-match-for-auth-cookie
...
Match only for actual session cookie
2016-08-31 15:59:16 +02:00
d50e7ee36c
Remove reading PATH_INFO from server variable
...
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.
Fixes https://github.com/nextcloud/server/issues/983
2016-08-19 14:48:13 +02:00
8f3dc0ba43
Remove IE_8 user agent string
2016-08-16 21:01:32 +02:00
b53ea18ea5
Match only for actual session cookie
...
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
2016-08-09 19:23:08 +02:00
0215b004da
Update with robin
2016-07-21 18:13:58 +02:00
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
a299fa38a9
[master] Port Same-Site Cookies to master
...
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
b1d652e8b0
Copy the regexes to the public interface
2016-07-18 15:11:44 +02:00
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
eb11ed1851
Make ownCloud work again in php 7.0.6
...
See https://bugs.php.net/bug.php?id=72117
2016-04-28 12:23:17 +02:00
1d33a5ef13
Move \OC\AppFramework to PSR-4
...
* Also moved the autoloader setup a bit up since we need it in initpaths
2016-04-22 15:28:09 +02:00
Lukas Reschke
Joas Schilling
Roeland Jago Douma
Lukas Reschke
Roeland Jago Douma