Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver ... Doing this in the PHP code is not the right approach for multiple reasons: 1. A bug in the PHP code prevents them from being added to the response. 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud) 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations. This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.		2015-03-02 19:07:46 +01:00
..
acceptance	correct delete-icon to icon-delete, fix #11128	2014-09-22 18:17:33 +02:00
core/lostpassword/controller	Mock l10n in the setup	2015-02-01 17:46:48 +01:00
data	implement php code checker to detect usage of not allowed private APIs - including console command to check local code to be used by developers	2015-02-10 11:51:24 +01:00
lib	add some tests for disabled updater	2015-02-27 17:14:17 +01:00
settings	Let users configure security headers in their Webserver	2015-03-02 19:07:46 +01:00
apps.php	load test cases from enabled apps	2012-10-08 14:26:51 +02:00
bootstrap.php	Disable bootstrap.php checks when HHVM is used	2015-02-28 10:11:12 +01:00
enable_all.php	Add provisioning_api app	2014-12-24 22:15:20 +01:00
karma.config.js	Added unit test for app filter	2015-02-23 15:29:25 +01:00
phpunit-autotest-external.xml	Setup a docker container that holds a webdav instance to test files_external	2014-12-17 21:50:35 +01:00
phpunit-autotest.xml	Add provisioning_api app	2014-12-24 22:15:20 +01:00
phpunit.xml.dist	Add provisioning_api app	2014-12-24 22:15:20 +01:00
preseed-config.php	adding new config parameter for sqlite to specify the journal mode	2014-11-25 16:29:06 +01:00
startsessionlistener.php	kill OC::$session	2014-08-29 10:22:21 +02:00