7c078a81b4
Add trict CSP to OCS responses
...
If a repsonse now explicitly has the Empty CSP set then the middleware
won't touch it.
2016-09-15 13:11:36 +02:00
5c718b13b8
We should properly check for 'true' instaed of the bool
2016-08-01 08:52:50 +02:00
f7f5216aa3
Dark hackery to not always disable CSRF for OCS controllers
2016-07-29 15:49:27 +02:00
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
c385423d10
Merge pull request #479 from nextcloud/add-bruteforce-throttler
...
Implement brute force protection
2016-07-21 00:31:02 +02:00
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
a299fa38a9
[master] Port Same-Site Cookies to master
...
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
331d88bcab
create session token on all APIs
2016-06-13 15:38:34 +02:00
9997c431c3
use client login method on CORS routes
2016-06-08 15:18:53 +02:00
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
4eebccd81f
Fix inconsistent nameing of AppFramework
2016-04-22 16:00:00 +02:00
1d33a5ef13
Move \OC\AppFramework to PSR-4
...
* Also moved the autoloader setup a bit up since we need it in initpaths
2016-04-22 15:28:09 +02:00
Roeland Jago Douma
Joas Schilling
Lukas Reschke
Christoph Wurst
Lukas Reschke
Roeland Jago Douma