mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
23,225 Commits 349 Branches 696 Tags 1.6 GiB
JavaScript 49%
PHP 47.6%
Gherkin 1.2%
Vue 1.2%
CSS 0.6%
Other 0.4%
Go to file
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver 
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
 		2015-03-02 19:07:46 +01:00
.idea Add newline that was removed by 15be763d46 2014-12-10 09:38:32 +01:00
3rdparty@322e9ce44a update 3rdparty to current master 2015-02-26 15:11:03 +01:00
apps Merge pull request #14573 from owncloud/enc-migrate-disable-updater 2015-03-02 14:53:29 +01:00
build php script which updates the license header in all php file in the repo 2015-02-22 20:36:36 +00:00
config Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
core Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
l10n Correctly create the expected key for plurals with quotes 2015-02-18 13:22:06 +01:00
lib Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
ocs Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
settings Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
tests Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
themes Gitorious => Github 2012-08-26 02:39:42 +03:00
.bowerrc ability to add bower resources 2014-11-03 20:54:40 +01:00
.gitignore Better cleanup in autotest.sh 2015-01-28 15:06:18 +00:00
.gitmodules use https as submodule url 2014-03-21 19:38:22 +01:00
.htaccess Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
.jshintrc enable laxbreak option in jshintrc to comply with our coding guide lines 2014-11-04 12:51:54 +01:00
.mailmap Adding .mailmap - helps to add unified authors to the license header 2015-02-22 20:36:36 +00:00
.scrutinizer.yml bower jquery-ui - exported changes to a separate css file 2014-12-13 09:47:34 +01:00
.tag Add .tag file to make tar balls tracable 2014-06-14 17:40:32 +02:00
.user.ini Use "off" and "off" instead of true booleans 2015-02-23 09:40:15 +01:00
AUTHORS Add myself as author 2014-09-19 17:24:12 +02:00
CONTRIBUTING.md add documentation issue trackers and use https everywhere 2015-02-18 19:13:49 +01:00
COPYING-AGPL Really add AGPL file 2011-02-09 15:12:09 +00:00
COPYING-README correct icon license, we use Elementary icons, not Silk anymore 2014-07-15 11:35:49 +02:00
README.md Add more HTTPS endpoints 2015-02-27 11:37:30 +01:00
autotest-external.sh fix files external test run and add common-tests option 2015-02-26 13:32:44 +01:00
autotest-hhvm.sh Better cleanup in autotest.sh 2015-01-28 15:06:18 +00:00
autotest-js.sh remove 'set -e' - causes issues during ci execution 2014-09-12 15:42:50 +02:00
autotest.cmd Restore the development config after running the tests 2014-12-02 12:41:33 +01:00
autotest.sh Better cleanup in autotest.sh 2015-01-28 15:06:18 +00:00
bower.json bump jquery.strengthify to 0.4.1 2015-01-06 13:48:58 +01:00
buildjsdocs.sh Added script to build the JS documentation 2014-10-31 13:27:36 +01:00
console.php Don't swallow errors in console.php 2015-02-28 12:31:11 +01:00
cron.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
db_structure.xml set max argument length to 4000 2015-02-25 15:09:41 +01:00
index.html Try to prefer index.php over index.html in the same directory 2013-04-24 15:11:53 +02:00
index.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
indie.json add indie.json for Indie App Store listing 2014-06-29 22:03:24 +02:00
issue_template.md Merge pull request #10830 from Finkregh/patch-1 2015-02-24 12:13:55 +01:00
occ Use a more universal shebang 2014-11-19 17:34:03 +01:00
public.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
remote.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
robots.txt Add robot.txt 2013-01-28 16:39:53 -06:00
status.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
version.php This is not 8.1 pre alpha 2015-02-28 00:26:31 +01:00

README.md

ownCloud

ownCloud gives you freedom and control over your own data. A personal cloud which runs on your own server.

Build Status on Jenkins CI

Git master: Build Status

Quality:

  • Scrutinizer: Scrutinizer Quality Score
  • CodeClimate: Code Climate

Installation instructions

https://doc.owncloud.org/server/8.0/developer_manual/app/index.html

Contribution Guidelines

https://owncloud.org/contribute/

Get in touch

Important notice on translations

Please submit translations via Transifex: https://www.transifex.com/projects/p/owncloud/

Transifex

For more detailed information about translations: http://doc.owncloud.org/server/8.0/developer_manual/core/translation.html