mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
52,265 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

22 Commits

Author SHA1 Message Date
Christoph Wurst 5bf3d1bb38
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-05 15:38:45 +01:00
J0WI 1b074f48d8
Remove duplicated spaces 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2019-08-11 20:11:50 +02:00
J0WI 3f2932c75a
Sort headers 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2019-08-11 20:11:50 +02:00
J0WI 76cbd7db6e
Add X-Frame-Options header to .htaccess 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2019-08-11 20:11:49 +02:00
Roeland Jago Douma 3b1e16458d
Forbid eval on legacy responses 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-04-09 09:58:23 +02:00
Peter Kraume 79b8703f29 Set Referrer-Policy also in addSecurityHeaders() 
Fix: #12689
Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
 2018-11-27 16:39:06 +01:00
Morris Jobke b0a296e2e1
Do not use HTTP code OC_Response constants anymore 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-06-26 16:14:15 +02:00
Morris Jobke 79d9841bce
Replace hardcoded status headers with calls to http_response_code() 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-06-26 16:14:15 +02:00
Morris Jobke 53a899a1f5
Fix the HTTP 1.0 status code and properly detect 1.0 vs 1.1&2.0 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-03-13 09:22:26 +01:00
Morris Jobke e758cfcdc8
Remove unused methods of OC_Response 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-03-12 18:42:30 +01:00
Morris Jobke 70b1f510f2
Use normal header() calls instead of private method calls 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-02-19 09:40:25 +01:00
Morris Jobke 0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Lukas Reschke dfd8125aeb
Replace wrong PHPDocs 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-08-01 08:20:16 +02:00
Joas Schilling bd37021587
Fix casing of same origin frame option 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-12 12:37:32 +02:00
Morris Jobke dbf6b7ff86 Merge pull request #4127 from nextcloud/update-legacy-csp-policy 
Update legacy CSP policy
 2017-03-28 17:47:32 -06:00
Lukas Reschke 3a90ab7e0a
Update legacy CSP policy 
Aligns it with the one enforced by the AppFramework

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-28 23:55:31 +02:00
Lukas Reschke bff6c8aafc
Move X-Frame-Options into PHP 
The public calendar view should be embeddable and we can't do that if the .htaccess sets a global X-Frame-Options.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-26 17:26:11 +02:00
Lukas Reschke fdcb8edd78
Add nonce also to legacy CSP 
Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.

To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.

To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-26 09:41:18 +02:00
Sergio Bertolín 0417cbafd0
Changed request to not add a prefix to the url (#26256) 
* Changed request to not add a prefix to the url

* Expecting forbidden instead of service unavailable

* Handling login exceptions
 2016-10-20 17:21:08 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Roeland Jago Douma 368be8894c
Move non PSR-4 files from lib/private root to legacy 
As discussed we move all old style classes (OC_FOO_BAR) to legacy.
Then from there we can evaluate the need to convert them back or if they
can be fully deprecated/deleted.
 2016-04-30 11:32:22 +02:00