Commit Graph

15 Commits

Author SHA1 Message Date
Lukas Reschke e735a9915c Add blob: scheme to default CSP policy
Fixes https://github.com/owncloud/core/issues/19438
2015-09-29 14:27:35 +02:00
sualko 5590d64612 add more unit tests for data: as allowed image domain 2015-08-10 12:42:42 +02:00
Lukas Reschke 34f5541088 Add `no-store` to AppFramework 2015-06-15 18:35:41 +02:00
Lukas Reschke b20174bdad Allow AppFramework applications to specify a custom CSP header
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.

Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```

Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
2015-02-16 11:00:41 +01:00
Lukas Reschke 048139074d Add functions to modify cookies to response class
Currently there is no AppFramework way to modify cookies, which makes it unusable for quite some use-cases or results in untestable code.

This PR adds some basic functionalities to add and invalidate cookies.

Usage:
```php
$response = new TemplateResponse(...);
$response->addCookie('foo', 'bar');
$response->invalidateCookie('foo');
$response->addCookie('bar', 'foo', new \DateTime('2015-01-01 00:00'));
```

Existing cookies can be accessed with the AppFramework using `$this->request->getCookie($name)`.
2014-11-27 14:19:00 +01:00
Joas Schilling 6202ca33ba Make remaining files extend the test base 2014-11-19 14:53:59 +01:00
Bernhard Posselt 0696099bad add dataresponse
fix docstrings

adjust copyright date

another copyright date update

another header update

implement third headers argument, fix indention, fix docstrings

fix docstrings
2014-10-29 09:43:47 +01:00
Bernhard Posselt 1d45239c65 adjust license headers to new mail address 2014-05-11 17:54:08 +02:00
Bernhard Posselt 9a4d204b55 add cors middleware
remove methodannotationreader namespace

fix namespace for server container

fix tests

fail if with cors credentials header is set to true, implement a reusable preflighted cors method in the controller baseclass, make corsmiddleware private and register it for every request

remove uneeded  local in cors middleware registratio

dont uppercase cors to easily use it from routes

fix indention

comment fixes

explicitely set allow credentials header to false

dont depend on better controllers PR, fix that stuff later

split cors methods to be in a seperate controller for exposing apis

remove protected definitions from apicontroller since controller has it
2014-05-09 23:34:41 +02:00
Thomas Tanghus 8f6ea900f2 Chainable Response in AppFramework 2014-03-09 23:01:16 +01:00
Jörn Friedrich Dreyer 39f2f564a9 use assertSame and assertNotSame for etag checks 2014-02-27 09:39:34 +01:00
Scrutinizer Auto-Fixer adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00
Thomas Tanghus ad017285e1 Fix namespace for OCP\Appframework\Http
To avoid having to use OCP\Appframework\Http\Http in the public - and stable
- API OCP\Appframework\Http is now both a class and a namespace.
2013-10-23 05:57:34 +02:00
Thomas Müller 33db8a3089 kill superfluent classloader from tests - this approach might be of interest within the apps 2013-08-21 00:41:20 +02:00
Thomas Müller fde9cabe97 initial import of appframework 2013-08-17 11:16:48 +02:00