Roeland Jago Douma
6dbe417c51
Inline oc.js if possible!
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:18 +02:00
Morris Jobke
89574367bc
Merge pull request #1871 from nextcloud/use-csp-nonces
...
Use CSP nonces
2016-10-25 14:46:00 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
...
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Resources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce".
At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API), they now must also include that attribute.
IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.
Implementing this offers the following advantages:
1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.
If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Robin Appelman
7427fb170f
show empty folder message in filepicker
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-21 16:35:55 +02:00
Robin Appelman
14f78369d7
Use a table for the filepicker list and add size column
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-19 14:18:21 +02:00
Jan-Christoph Borchardt
cf5d30387b
Merge pull request #1641 from nextcloud/log-in-button
...
bring back dedicated log in button to make log in more usable
2016-10-17 18:28:27 +02:00
Jan-Christoph Borchardt
aa4eaf3a7e
finish up layout of log in page, postpone forgot password link for later
...
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-10-17 14:28:49 +02:00
Robin Appelman
6d43942125
filepicker styling
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-14 17:36:08 +02:00
Jan-Christoph Borchardt
ee231759e5
update styles of log in
...
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-10-11 13:58:10 +02:00
Joas Schilling
b8030e6d02
Use name from theming
2016-10-07 09:44:42 +02:00
Roeland Jago Douma
19485e3ec9
Set proper web title for apple
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-06 20:57:32 +02:00
Jan-Christoph Borchardt
75ec1541e4
fix log in button layout
2016-10-06 19:08:32 +02:00
Jan-Christoph Borchardt
3141680feb
bring back dedicated log in button to make log in more usable
2016-10-06 16:48:10 +02:00
Joas Schilling
7c0951244a
Deprecate getEditionString()
2016-09-06 16:05:28 +02:00
Lukas Reschke
06fa486706
Merge pull request #1158 from nextcloud/cache_avatars
...
Cache avatars
2016-09-05 15:08:43 +02:00
Christoph Wurst
8acb734854
add 2fa backup codes app
...
* add backup codes app unit tests
* add integration tests for the backup codes app
2016-09-05 08:51:13 +02:00
coderkun
56862e3fdc
Add attribute “tabindex” to login form ( fixes #1110 )
2016-08-31 21:58:10 +02:00
Roeland Jago Douma
14136295b7
Cache avatars properly
...
* Set proper caching headers for avatars (15 minutes)
* For our own avatar use some extra logic to invalidate when we update
2016-08-30 09:00:16 +02:00
Raghu Nayyar
b580c3664d
Merge pull request #1093 from nextcloud/mail-fontstack
...
use proper font stack for email
2016-08-28 10:30:50 +02:00
Christoph Wurst
78bb02d27a
list 2FA providers as buttons
2016-08-27 12:27:05 +02:00
Christoph Wurst
4a91673154
use centered h2 for 2FA page headers
2016-08-27 11:33:15 +02:00
Christoph Wurst
c93c5d142e
fix 2fa challenge page wording
2016-08-27 11:12:12 +02:00
Christoph Wurst
dc57b89f37
reorder 2fa challenge HTML
2016-08-27 11:12:12 +02:00
Jan-Christoph Borchardt
042c744ac6
use proper font stack for email
2016-08-26 22:59:24 +02:00
Lukas Reschke
8a6b5a1d86
Remove uninterpreted PHP
...
This is in an HTML file. The PHP won't be executed 🙈
2016-08-19 14:24:26 +02:00
Lukas Reschke
fb183f8143
Add cachebuster to right navigation
2016-08-18 12:36:14 +02:00
Lukas Reschke
3c7d2544b9
Add cache buster to left menu bar
2016-08-18 12:34:55 +02:00
Morris Jobke
bded787d0c
Empty tags are not allowed for image and feColorMatrix in IE11 and below
2016-08-17 15:59:30 +02:00
Arthur Schiwon
ceeb44bd04
Initial work on Apps page split:
...
* interfaces for the Admin settings (IAdmin) and section (ISection)
* SettingsManager service
* example setup with LDAP app
2016-08-09 18:05:09 +02:00
Jan-Christoph Borchardt
835dc59d6a
reduce info on update screens, introduce button to refresh
2016-08-04 12:48:25 +02:00
Jan-Christoph Borchardt
2f9725469d
switch nested containers in update to semibold style
2016-08-03 18:58:44 +02:00
Morris Jobke
d97fe1775a
Shake the login fields if password is wrong
2016-08-01 21:42:29 +02:00
Julius Haertl
9f50838cff
Fix wrong preserveAspectRatio at app menu icons
2016-07-29 23:06:26 +02:00
Julius Haertl
f55ba62a00
Move to svg filter on app menu to support IE9+
2016-07-28 22:33:17 +02:00
Julius Haertl
387550be88
Theming: Implement swapping the foreground color for bright colors
2016-07-15 14:16:41 +02:00
Morris Jobke
ba16fd0d33
Merge branch 'master' into sync-master
2016-07-07 11:29:46 +02:00
Hendrik Leppelsack
c47833718f
remove svg classes
2016-07-01 16:36:37 +02:00
Lukas Reschke
6670d37658
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
2016-06-27 18:23:00 +02:00
Hendrik Leppelsack
e5d8726859
remove ie8+9 support
2016-06-23 12:34:53 +02:00
Joachim Sokolowski
64a9f9d77b
singleuser.user.php -> nextcloud
...
Changed to nextcloud
2016-06-22 07:48:36 +02:00
Morris Jobke
3720bae3ec
fix setup page strengthify
...
* fixes #105
2016-06-15 15:27:30 +02:00
Arthur Schiwon
a636e4ff28
Downstream 2016-06-09
...
Merge branch 'master' of https://github.com/owncloud/core into downstream-160609
2016-06-09 18:45:12 +02:00
blizzz
51fd2602a7
Revert "Downstream 2016-06-08"
2016-06-09 17:41:57 +02:00
Joas Schilling
7f88645eab
Allow to cancel 2FA after login
2016-06-09 14:00:02 +02:00
Jan-Christoph Borchardt
81145ee57c
THIS IS NEXTCLOUD! adjusting the design
2016-06-08 17:02:18 +02:00
Joas Schilling
3e3b326c85
Allow to cancel 2FA after login
2016-06-07 18:17:29 +02:00
Christoph Wurst
5e71d23ded
remember redirect_url when solving the 2FA challenge
2016-06-01 14:43:47 +02:00
Joas Schilling
5c063cf7c9
Allow opening the password reset link in a new window when it's a URL
2016-05-24 09:23:25 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core
2016-05-23 11:21:10 +02:00