nextcloud

Commit Graph

Author	SHA1	Message	Date
Lukas Reschke	bbd5f28415	Let users configure security headers in their Webserver Doing this in the PHP code is not the right approach for multiple reasons: 1. A bug in the PHP code prevents them from being added to the response. 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud) 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations. This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.	2015-03-02 19:07:46 +01:00
Lukas Reschke	e73ccbd4ca	Migrate "setsecurity.php" to the AppFramework Add switch to enforce SSL for subdomains Add unit tests Add test for boolean values Camel-case Fix ugly JS	2014-11-03 16:53:03 +01:00

Author

SHA1

Message

Date

Lukas Reschke

bbd5f28415

Let users configure security headers in their Webserver

Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.

2015-03-02 19:07:46 +01:00

Lukas Reschke

e73ccbd4ca

Migrate "setsecurity.php" to the AppFramework

Add switch to enforce SSL for subdomains

Add unit tests

Add test for boolean values

Camel-case

Fix ugly JS

2014-11-03 16:53:03 +01:00

2 Commits