Commit Graph

91 Commits

Author SHA1 Message Date
Lukas Reschke 38b3ac8213
Add ContentSecurityPolicyNonceManager
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Lukas Reschke 9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Resources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce".

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API), they now must also include that attribute.

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well, as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
skjnldsv 71830b285c Svgo optimization
Signed-off-by: John Molakvoæ <fremulon@protonmail.com>
2016-09-27 20:56:26 +02:00
Felix Epp aacaf7a568 Add icon for the theming app 2016-09-07 01:23:53 +02:00
Joas Schilling 67408c3f63
Add image URLs and tests 2016-09-06 08:55:22 +02:00
Joas Schilling 1d834bd49e
Add theming information to capabilities for the client 2016-09-05 14:27:19 +02:00
Roeland Jago Douma 011364317a
Fix ThemingDefaults getMock deprecation 2016-08-31 20:33:18 +02:00
Julius Haertl 0e8b138534
Theming: Show loading spinner while uploading files 2016-08-30 06:40:41 +02:00
Julius Haertl d43c9b9e79
Theming: fix primary button for bright colors 2016-08-29 19:07:27 +02:00
iamfool 7e1a690059 Update AdminTest.php 2016-08-29 01:47:23 -07:00
iamfool e13cd289cb Update Admin.php 2016-08-28 18:02:45 -07:00
Lukas Reschke 683f0e7f77
Use temporary file as cache 2016-08-27 21:38:41 +02:00
Lukas Reschke 73bc108451
Increase theming performance
1. Set proper caching headers (`Pragma: cache`)
2. Resize image proportionally to a max size of 1920px
3. Store images with progressive mode

This resizes a previous 2.8 MB picture to 300kb and makes its rendering go down from 11 seconds to less than 1 here. And future requests won't have to download the file newly.
2016-08-27 21:02:08 +02:00
Julius Haertl d7f0a970ae
Theming: Preview for page title 2016-08-26 18:21:05 +02:00
Roeland Jago Douma 53725d4d15 Merge pull request #771 from nextcloud/theming-fixes
Theming: Fix missing color usage
2016-08-26 15:02:21 +02:00
Julius Haertl 3d38cb9570
Theming: Hide undo button on default values 2016-08-26 12:08:12 +02:00
Julius Haertl d95aec2ed2
Theming: Add preview for login screen 2016-08-26 12:08:12 +02:00
Julius Haertl 218e2f7850
Theming: Adjust jquery ui elements 2016-08-26 12:07:52 +02:00
Julius Haertl 2b0ed6c27a
Theming: colorize primary buttons 2016-08-26 12:07:52 +02:00
Roeland Jago Douma 044d7c3bb7 Merge pull request #1026 from nextcloud/theming-extend-defaults
Theming: Add logo and background to ThemingDefaults
2016-08-26 11:53:24 +02:00
Roeland Jago Douma 60974de97b
Require a ThemingDefaults class again 2016-08-24 13:22:44 +02:00
Joas Schilling c7c53aefb2
Use the lazy root to make tests pass 🙈 2016-08-24 09:52:05 +02:00
Julius Haertl 80fe499707
Theming: Add logo and background to ThemingDefaults 2016-08-24 00:40:22 +02:00
Arthur Schiwon a065fee3ff
fixes registering of theming settings where server returns OC_Defaults instead of ThemingDefaults 2016-08-22 12:02:06 +02:00
Lukas Reschke 7ffb7b0d84
Use MockBuilder instead of createMock
CI uses an older PHPUnit
2016-08-15 16:43:22 +02:00
Lukas Reschke 8a7a0f3287
Add unit tests 2016-08-15 16:25:34 +02:00
Arthur Schiwon 0fdf801c25
fix theming tests 2016-08-12 16:58:59 +02:00
Arthur Schiwon 0c15081279
rename remaining occurrences of OCA/Theming/Template 2016-08-12 16:00:39 +02:00
Bjoern Schiessle 18fd8ff70c
rename "Template" to "ThemingDefaults" to make the auto loader happy 2016-08-12 15:32:28 +02:00
Lukas Reschke 8261ccce1b
Merge branch 'master' into implement_712 2016-08-11 19:37:17 +02:00
Arthur Schiwon 36c1b7eb31
adjust Theming app 2016-08-11 17:29:58 +02:00
Julius Haertl 5f4e88ef6c
Theming: Add OCA.Theming Js for app interaction 2016-08-10 13:39:21 +02:00
Julius Haertl ef17f8b3ba
Add css classes to allow app developers using the theming colors 2016-08-09 22:54:25 +02:00
Joas Schilling dae6432ae7
Increment the versions and adjust the capitalization 2016-08-08 16:45:40 +02:00
Morris Jobke dbf3ca5baf Merge pull request #682 from nextcloud/fix-theming-logo
fix missing semicolon to fix themed logo on log in page
2016-08-01 19:50:42 +02:00
Jan-Christoph Borchardt ad5e98c81a fix missing semicolon to fix themed logo on log in page 2016-08-01 09:57:05 +02:00
Joas Schilling 13c19e5286
Validate the input of the theming options 2016-08-01 09:37:12 +02:00
Joas Schilling 5306b4feba
Fix tests 2016-07-28 17:49:08 +02:00
Joas Schilling 2de4112176
Update routes.php 2016-07-28 17:49:08 +02:00
Joas Schilling 2f574f60ec
Remove useless check 2016-07-28 17:49:08 +02:00
Joas Schilling ba558664cf
Use the methods on the Response object 2016-07-28 17:49:08 +02:00
Joas Schilling eec6986d7c
Use public API preferable 2016-07-28 17:49:08 +02:00
Joas Schilling 7efadf7b6b
Move classes to PSR-4 2016-07-28 17:49:08 +02:00
Bjoern Schiessle 14ca7c9cdc
fix background id selector for the first run wizard 2016-07-28 16:32:39 +02:00
Bjoern Schiessle ee1be23b37
fix unit tests 2016-07-28 13:30:55 +02:00
Bjoern Schiessle be365b4975
re-use background color from theme in the firstrunwizard 2016-07-28 12:16:39 +02:00
Bjoern Schiessle 583f86d90a
apply theme to the firstrunwizard 2016-07-28 12:15:33 +02:00
Julius Haertl 217b02aaa0
Theming: Cleanup and remove opacity from checkbox/radiobutton 2016-07-27 20:21:53 +02:00
Julius Haertl cc457cd665
Theming: Generate colorized radio buttons dynamically 2016-07-27 20:00:23 +02:00
Julius Haertl 7ff19e342e
Theming: Colorize radio buttons and append new styles on preview 2016-07-27 20:00:23 +02:00