frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The QBMapper is kind of a generic type, though this concept does not
exist in php. Hence you have a lot of type coercion in subtypes (mappers
in the individual apps) because you suddenly don't expect an Entity[]
but your specific type.
Luckily Psalm lets us type those. Then in the subclass you can
psalm-implement the mapper with a concrete type and psalm will do all
the magic to ensure types are used correctly.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
With 4152216bd8 these two interfaces got
deprecated with the reasoning that we only need the base PSR interface.
However, there are cases where in Nextcloud you still want to have a
specific container (the one for the app vs the one for the server) when
you either have a container injected or query one from a container.
With a single interface that would not be possible. So it's probably
better if we leave the two interfaces, but only have them extend the PSR
interface. IContainer – with the custom methods – shall still be phased
out, but the two other sub interfaces can stay for tagging purposes.
Tagging means that no methods shall be added.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This is like what we have to DI and classes, but for callables.
The motivating factor is to get rid of *service locators* in the `boot`
method of apps as a new pattern is about to emerge where we have lots of
`query` calls on the app or server container in order to fetch some
services.
With this little helper it's possible to call another (public) method
and magically have everything injected.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Some apps require the composer autoloader from app.php. If we run boot
before including that file, classes and functions from dependencies
won't be found.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 out of 10 cases apps want to access their own appconfig. Hence it
would be nice not to have to enter the app id all the time. This simple
wrapper just passes on the appid in all calls.
Basically this allows for simpler code in the apps.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
That leads to a false positive is not setup via query() but directly warning for every app because
the check does not work anymore.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>