Roeland Jago Douma
b38fa573e1
Add stricter CSPs
...
* Deprecate our default CSP
* Add strict CSP that is always our strictest setting
* Add strict eval CSP (disable unsafe-eval)
* Add strict inline CSP (disables inline styles)
This is just to move forward and have a incremental improvement of our
CSP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-13 14:47:57 +02:00
Roeland Jago Douma
a34495933e
Move caching logic to response
...
This avoids having to do it at all the places we want cached responses.
We can't inject the ITimeFactor without breaking public API.
However we can perfectly overwrite the service (resulting in the same
testable effect).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-04 08:48:54 +02:00
Roeland Jago Douma
ed7b4839d9
The column is not user input so suppress the phan warning
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-14 14:46:33 +02:00
Roeland Jago Douma
74d7f6d4ca
Add a QueryBuilder Mapper
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-10 19:47:43 +02:00
Julius Härtl
6ded1c46b7
Add since tags
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 13:18:17 +02:00
Julius Härtl
2e60f91ab1
Move external share saving to template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 13:11:55 +02:00
Julius Härtl
30e76f9f14
Add footer to public page template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 12:22:01 +02:00
Julius Härtl
eb19899f8e
Move common menu templates to public API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 11:09:19 +02:00
Roeland Jago Douma
129a608ebe
OCP\AppFramework\App strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-09 08:42:03 +01:00
Julius Härtl
36563d4a4b
Remove setters
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
9cf49873fa
Rework array handling to avoid phan error
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
2b6c00fc0f
Add id to list element
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
7cd0340366
Sort menu by priority
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
038aad73c7
Add missing phpdoc for public API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl
4f83462f67
Add phpdoc, typehints and sanitize HTML
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Julius Härtl
4f78980fad
Add menu item abstraction
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Julius Härtl
0655df09d6
Pass template parameters to parent template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Roeland Jago Douma
fb41a93a95
Merge pull request #8473 from nextcloud/strict_cmr
...
Strict OCP\AppFramework\Utility\IControllerMethodReflector
2018-02-21 22:56:40 +01:00
Roeland Jago Douma
aa060f5332
Strict OCP\AppFramework\Utility\IControllerMethodReflector
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 19:55:49 +01:00
Roeland Jago Douma
5825c27a12
Make sure that render always returns a string
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 13:28:40 +01:00
Joas Schilling
7bc9a69c3f
Remove deprecated core API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-15 17:54:50 +01:00
Roeland Jago Douma
d44de92c31
Merge pull request #7838 from nextcloud/timefactory_strict
...
Make the ITimeFactory strict + return types
2018-01-15 09:27:37 +01:00
Roeland Jago Douma
7ffd62bf95
Make the ITimeFactory strict + return types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:55:40 +01:00
Roeland Jago Douma
704133d732
Remove deprecated functions from DI Container
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 19:29:52 +01:00
Roeland Jago Douma
f55732a18f
Merge pull request #7075 from nextcloud/remove-unused-variables
...
Remove unused variables
2017-11-07 16:18:40 +01:00
Morris Jobke
4866314ce0
Run updated license header updater
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-07 13:47:42 +01:00
Morris Jobke
31c5c2a592
Change @georgehrke's email
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
Morris Jobke
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Morris Jobke
5445b1ff17
Remove unused variables
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 09:43:45 +01:00
Julius Härtl
4cfa1c66b8
Doc: Fix phpDoc issues
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-10-23 23:23:56 +02:00
Roeland Jago Douma
87e10f9e6a
OC_OCS_Response is deprecated
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-21 17:56:00 +02:00
Thomas Citharel
eb51c46549
fix typo and set @since properly
...
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
Thomas Citharel
ecf347bd1a
Add CSP frame-ancestors support
...
Didn't set the @since annotation yet.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
Lukas Reschke
f93a82b8b0
Remove explicit type hints for Controller
...
This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 17:32:03 +02:00
Morris Jobke
84c22fdeef
Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call
...
Add metadata to \OCP\AppFramework\Http\Response::throttle
2017-08-01 14:43:47 +02:00
Morris Jobke
6010c4f267
Merge pull request #5877 from nextcloud/typehint_middleware
...
Prop argument type for Middleware
2017-08-01 14:28:16 +02:00
Lukas Reschke
0fa49db770
Some more invalid PHPDocs in legacy classes
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Lukas Reschke
dfd8125aeb
Replace wrong PHPDocs
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Roeland Jago Douma
72eb610b3d
Prop argument type for Middleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-31 16:54:19 +02:00
Lukas Reschke
f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle
...
Fixes https://github.com/nextcloud/server/issues/5891
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-27 14:17:45 +02:00
Roeland Jago Douma
361d2badd8
Some phpstorm inspection fixes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-22 21:10:16 +02:00
Roeland Jago Douma
0b495ceff8
Remove deprecated Controller Functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-20 11:03:12 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Lukas Reschke
8149945a91
Make BruteForceProtection annotation more clever
...
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.
Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Pierre Rudloff
19d3133ccf
Web app manifest
...
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-28 18:39:57 -06:00
Lukas Reschke
adfd1e63f6
Add base-uri to CSP policy
...
As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 15:16:20 +01:00
Christoph Wurst
fe6416072d
set 'no-store' cache header if we do not want FF to cache
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-09 21:29:59 +01:00
Joas Schilling
bc3da3a8f5
Remove IDb interface which was deprecated for 3 years already
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-14 11:42:16 +01:00
Robin Appelman
72a54ff9de
prevent warning in StreamResponse
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-29 15:29:02 +01:00
Robin Appelman
4235b18a88
allow passing a stream to StreamResponse
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:36 +01:00