Commit Graph

109 Commits

Author SHA1 Message Date
Christoph Wurst 08d4458542
Initialize \OCP\AppFramework\Http\ZipResponse::$resources
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-17 19:59:27 +01:00
Christoph Wurst 9ce3ea3368
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-30 14:07:05 +01:00
Christoph Wurst d89a75be0b
Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
Joas Schilling 329ffa257e
Log an error when setting a custom header on "Not Modified" responses
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-15 11:24:15 +01:00
Thomas Citharel 71cf92697c
Update comment to reflect current CSP policy
JS unsafe-eval was removed a long time ago in https://github.com/nextcloud/server/pull/11028
2020-12-12 21:11:42 +01:00
Roeland Jago Douma 1e111b2ad2
Fix DataResponse typehints
We use this already in several places where we just pass strings or
numbers.
This all works because we just convert it to a json response in the end.
So better to have the typehints reflect this.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-19 20:34:42 +01:00
Roeland Jago Douma 9163790b7c
Set frame-ancestors to none if none are filled
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +01:00
Roeland Jago Douma fa6a790859
Remove deprecated OCSResponse
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-01 14:12:27 +01:00
Christoph Wurst d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
Julius Härtl 8ab2422b6c
Add acutal response to BeforeTemplateRenderedEvent
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-09-24 20:00:23 +02:00
Roeland Jago Douma b5e9f7e846
Merge pull request #22432 from nextcloud/enh/phpdoc
Add php docs build script
2020-08-26 21:18:11 +02:00
Julius Härtl 45a474071e
Remove @package annotations from public namespace
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-08-26 16:59:40 +02:00
Christoph Wurst 2a054e6c04
Update the license headers for Nextcloud 20
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +02:00
Joas Schilling 35a8519591
Fix CS
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
Joas Schilling e66bc4a8a7
Send "429 Too Many Requests" in case of brute force protection
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:35 +02:00
Morris Jobke 0581356169
Merge pull request #22097 from nextcloud/enh/noid/empty-template
Add empty renderAs template
2020-08-05 11:42:29 +02:00
Julius Härtl b51746212e
Add base renderAs template
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-08-04 09:48:43 +02:00
Julius Härtl e1b696929f
Move NotFoundResponse to a proper TemplateResponse
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-07-24 08:58:14 +02:00
Joas Schilling 49970639fa
Add constants for the magic strings of template rendering
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-16 15:47:28 +02:00
Morris Jobke c4b53538af
Better event description for BeforeTemplateRenderedEvent in files and files_sharing
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-15 20:15:51 +02:00
Roeland Jago Douma 7d7ba61625
Add real events to load additionalscripts
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-15 14:07:18 +02:00
Joas Schilling b7060be18d
Fix robots "noindex, nofollow" signals
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-25 08:29:43 +02:00
Roeland Jago Douma fbf9772a3e
Allow to specify the cookie type for appframework responses
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.

Helps with #21474

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-22 08:38:44 +02:00
Roeland Jago Douma 4fbea316a7
Merge pull request #20897 from nextcloud/bugfix/httpcache
Proxy server could cache http response when it is not private
2020-05-13 08:27:05 +02:00
Clement Wong e9be3a9090 Add public argument to Http cacheFor()
Signed-off-by: Clement Wong <git@clement.hk>
2020-05-10 20:24:14 +02:00
Clement Wong 401210d259 Proxy server could cache http response when it is not private
Signed-off-by: Clement Wong <git@clement.hk>
2020-05-10 11:24:08 +02:00
Christoph Wurst cb057829f7
Update license headers for 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +02:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst 41b5e5923a
Use exactly one empty line after the namespace declaration
For PSR2

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:48:10 +02:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +02:00
Christoph Wurst 1a9330cd69
Update the license headers for Nextcloud 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-31 14:52:54 +02:00
Christoph Wurst 463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
Remove unused imports
2020-03-27 17:14:08 +01:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
Christoph Wurst 74936c49ea
Remove unused imports
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Pavel Krasikov 4c01326913 add docs for useJsNonce
Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
2020-03-15 17:02:11 +03:00
Christoph Wurst 6127c288e8 Fix license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-01-13 14:23:49 +01:00
Daniel Calviño Sánchez 883a71ce8e Split the menu entry for external shares in two
The external shares entry showed a "button" that, when pressed, replaced
the button with the input to set the remote share address. The "button"
was actually a label for the input, so when the label was focused it
transferred the focus to the input and thus pressing enter or space did
not show the input. Moreover, inputs inside links are not valid HTML,
and once shown there was no way to hide the input again.

Due to all this, and for consistency with the direct link input, the
external share input was moved to a different menu item that is shown
and hidden when the button, which nows is also a real button, is
clicked.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-12-30 10:29:36 +01:00
Daniel Calviño Sánchez 33b2f4e295 Format HTML elements
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-12-30 10:29:36 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Roeland Jago Douma a85f2f4165
set default CSP on NotFoundResponse
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-09 22:37:12 +02:00
Roeland Jago Douma 35db32f504
Add deprecation warning
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-29 14:52:50 +02:00
Roeland Jago Douma c40fe8b819
Do not enforce the parent constructor of response to be called
If there is no policy set we just take the default empty ones.
That way no obscure errors get thrown if the constructor is not called.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-19 14:39:34 +02:00
Roeland Jago Douma c4cafae884
frame-src doesn't respect the nonce attribute
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-16 21:29:57 +02:00
Roeland Jago Douma b8c5008acf
Add feature policy header
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma f94ee72507
Add form-action CSP element
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Roeland Jago Douma cd243b0876
No need to have these classes we tighten the default CSP from time to
time

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 14:59:48 +02:00
Roeland Jago Douma 7276735eb4
Set empty CSP by default
For #14179

By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-04-16 14:09:39 +02:00