nextcloud

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	02c011c4f7	Make debugging easier which header is being set Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-03-24 13:22:44 +01:00
Christoph Wurst	08d4458542	Initialize \OCP\AppFramework\Http\ZipResponse::$resources Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-02-17 19:59:27 +01:00
Christoph Wurst	9ce3ea3368	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-12-30 14:07:05 +01:00
Christoph Wurst	d89a75be0b	Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-12-16 18:48:22 +01:00
Joas Schilling	329ffa257e	Log an error when setting a custom header on "Not Modified" responses Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-12-15 11:24:15 +01:00
Thomas Citharel	71cf92697c	Update comment to reflect current CSP policy JS unsafe-eval was removed a long time ago in https://github.com/nextcloud/server/pull/11028	2020-12-12 21:11:42 +01:00
Roeland Jago Douma	1e111b2ad2	Fix DataResponse typehints We use this already in several places where we just pass strings or numbers. This all works because we just convert it to a json response in the end. So better to have the typehints reflect this. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-11-19 20:34:42 +01:00
Roeland Jago Douma	9163790b7c	Set frame-ancestors to none if none are filled frame-ancestors doesn't fall back to default-src. So when we apply a very restricted CSP we should make sure to set it to 'none' and not leave it empty. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-11-18 10:13:36 +01:00
Roeland Jago Douma	fa6a790859	Remove deprecated OCSResponse Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-11-01 14:12:27 +01:00
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-10-05 20:25:24 +02:00
Julius Härtl	8ab2422b6c	Add acutal response to BeforeTemplateRenderedEvent Signed-off-by: Julius Härtl <jus@bitgrid.net>	2020-09-24 20:00:23 +02:00
Roeland Jago Douma	b5e9f7e846	Merge pull request #22432 from nextcloud/enh/phpdoc Add php docs build script	2020-08-26 21:18:11 +02:00
Julius Härtl	45a474071e	Remove @package annotations from public namespace Signed-off-by: Julius Härtl <jus@bitgrid.net>	2020-08-26 16:59:40 +02:00
Christoph Wurst	2a054e6c04	Update the license headers for Nextcloud 20 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-08-24 14:54:25 +02:00
Joas Schilling	35a8519591	Fix CS Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +02:00
Joas Schilling	e66bc4a8a7	Send "429 Too Many Requests" in case of brute force protection Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:35 +02:00
Morris Jobke	0581356169	Merge pull request #22097 from nextcloud/enh/noid/empty-template Add empty renderAs template	2020-08-05 11:42:29 +02:00
Julius Härtl	b51746212e	Add base renderAs template Signed-off-by: Julius Härtl <jus@bitgrid.net>	2020-08-04 09:48:43 +02:00
Julius Härtl	e1b696929f	Move NotFoundResponse to a proper TemplateResponse Signed-off-by: Julius Härtl <jus@bitgrid.net>	2020-07-24 08:58:14 +02:00
Joas Schilling	49970639fa	Add constants for the magic strings of template rendering Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-07-16 15:47:28 +02:00
Morris Jobke	c4b53538af	Better event description for BeforeTemplateRenderedEvent in files and files_sharing Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-07-15 20:15:51 +02:00
Roeland Jago Douma	7d7ba61625	Add real events to load additionalscripts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-07-15 14:07:18 +02:00
Joas Schilling	b7060be18d	Fix robots "noindex, nofollow" signals Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-06-25 08:29:43 +02:00
Roeland Jago Douma	fbf9772a3e	Allow to specify the cookie type for appframework responses In general it is good to set them to Lax. But also to give devs more control over them is not a bad thing. Helps with #21474 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-06-22 08:38:44 +02:00
Roeland Jago Douma	4fbea316a7	Merge pull request #20897 from nextcloud/bugfix/httpcache Proxy server could cache http response when it is not private	2020-05-13 08:27:05 +02:00
Clement Wong	e9be3a9090	Add public argument to Http cacheFor() Signed-off-by: Clement Wong <git@clement.hk>	2020-05-10 20:24:14 +02:00
Clement Wong	401210d259	Proxy server could cache http response when it is not private Signed-off-by: Clement Wong <git@clement.hk>	2020-05-10 11:24:08 +02:00
Christoph Wurst	cb057829f7	Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-29 11:57:22 +02:00
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 16:54:27 +02:00
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 14:19:56 +02:00
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 13:54:22 +02:00
Christoph Wurst	41b5e5923a	Use exactly one empty line after the namespace declaration For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 11:48:10 +02:00
Christoph Wurst	2fbad1ed72	Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 10:16:08 +02:00
Christoph Wurst	1a9330cd69	Update the license headers for Nextcloud 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-31 14:52:54 +02:00
Christoph Wurst	463b388589	Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports Remove unused imports	2020-03-27 17:14:08 +01:00
Christoph Wurst	b80ebc9674	Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-26 16:34:56 +01:00
Christoph Wurst	74936c49ea	Remove unused imports Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-25 22:08:08 +01:00
Pavel Krasikov	4c01326913	add docs for useJsNonce Signed-off-by: Pavel Krasikov <klonishe@gmail.com>	2020-03-15 17:02:11 +03:00
Christoph Wurst	6127c288e8	Fix license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-01-13 14:23:49 +01:00
Daniel Calviño Sánchez	883a71ce8e	Split the menu entry for external shares in two The external shares entry showed a "button" that, when pressed, replaced the button with the input to set the remote share address. The "button" was actually a label for the input, so when the label was focused it transferred the focus to the input and thus pressing enter or space did not show the input. Moreover, inputs inside links are not valid HTML, and once shown there was no way to hide the input again. Due to all this, and for consistency with the direct link input, the external share input was moved to a different menu item that is shown and hidden when the button, which nows is also a real button, is clicked. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2019-12-30 10:29:36 +01:00
Daniel Calviño Sánchez	33b2f4e295	Format HTML elements Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2019-12-30 10:29:36 +01:00
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-12-05 15:38:45 +01:00
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-22 20:52:10 +01:00
Roeland Jago Douma	a85f2f4165	set default CSP on NotFoundResponse Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-09-09 22:37:12 +02:00
Roeland Jago Douma	35db32f504	Add deprecation warning Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-29 14:52:50 +02:00
Roeland Jago Douma	c40fe8b819	Do not enforce the parent constructor of response to be called If there is no policy set we just take the default empty ones. That way no obscure errors get thrown if the constructor is not called. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-19 14:39:34 +02:00
Roeland Jago Douma	c4cafae884	frame-src doesn't respect the nonce attribute Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-16 21:29:57 +02:00
Roeland Jago Douma	b8c5008acf	Add feature policy header This adds the events and the classes to modify the feature policy. It also adds a default restricted feature policy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-10 14:26:22 +02:00
Roeland Jago Douma	f94ee72507	Add form-action CSP element Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-31 15:16:10 +02:00
Roeland Jago Douma	cd243b0876	No need to have these classes we tighten the default CSP from time to time Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-27 14:59:48 +02:00

1 2 3

110 Commits