Go to file
Lukas Reschke fdcb8edd78
Add nonce also to legacy CSP
Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.

To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.

To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-26 09:41:18 +02:00
.github Move CONTRIBUTUNG and issue template into .github subfolder 2016-10-16 12:21:09 +02:00
.idea Add newline that was removed by 15be763d46 2014-12-10 09:38:32 +01:00
3rdparty@bbe556f5a3 [3rdparty] Point to master again 2016-10-18 21:44:51 +02:00
apps [tx-robot] updated from transifex 2016-10-26 00:07:12 +00:00
build remove unneeded steps 2016-10-21 10:03:48 +02:00
config Set 2.0.0 as minimum requirement for the desktop client in config.sample.php 2016-10-25 18:03:19 +02:00
contribute Add Developer Certificate of Origin (DCO) 2016-09-22 09:08:21 +02:00
core [tx-robot] updated from transifex 2016-10-26 00:07:12 +00:00
l10n Add transifex config 2016-10-06 14:20:02 +02:00
lib Add nonce also to legacy CSP 2016-10-26 09:41:18 +02:00
ocs Allow to call the files even when you are in another instance atm 2016-10-06 12:15:13 +02:00
ocs-provider Allow to call the files even when you are in another instance atm 2016-10-06 12:15:13 +02:00
resources Update root certificate list 2016-10-06 11:01:29 +02:00
settings [tx-robot] updated from transifex 2016-10-26 00:07:12 +00:00
tests Move browserSupportsCspV3 to CSPNonceManager 2016-10-25 22:03:10 +02:00
themes Svgo optimization 2016-09-27 20:56:26 +02:00
.bowerrc ability to add bower resources 2014-11-03 20:54:40 +01:00
.codecov.yml Add codecov 2016-09-28 21:08:17 +02:00
.drone.yml Bump to php7.1 RC4 2016-10-21 11:37:25 +02:00
.gitignore Add build/bin to gitignore 2016-10-25 16:52:54 +02:00
.gitmodules targets 3rdparty submodule from Nc instead of oC 2016-06-28 18:39:51 +02:00
.htaccess Make sure memory limit is > post size and upload filesize 2016-09-13 16:50:36 +02:00
.jshintrc enable laxbreak option in jshintrc to comply with our coding guide lines 2014-11-04 12:51:54 +01:00
.lgtm Get rid of LGTM self approvals 2016-06-27 23:18:01 +02:00
.mailmap Fix more mailmap entries 2016-07-21 17:32:03 +02:00
.mention-bot add nextcloud-bot to userBlacklist 2016-09-13 10:33:03 +02:00
.scrutinizer.yml Scrutinizer should not check generated composer files 2016-03-10 21:17:34 +01:00
.tag Add .tag file to make tar balls tracable 2014-06-14 17:40:32 +02:00
.user.ini Make sure memory limit is > post size and upload filesize 2016-09-13 16:50:36 +02:00
AUTHORS Update with robin 2016-07-21 18:13:58 +02:00
COPYING Rename COPYING-AGPL to COPYING 2016-09-13 22:51:02 +02:00
COPYING-README Rename COPYING-AGPL to COPYING 2016-09-13 22:51:02 +02:00
README.md Refactor README 2016-10-24 18:29:21 +02:00
autotest-external.sh Make tests work with 4.8 at least 2016-09-13 16:31:33 +02:00
autotest-hhvm.sh Combine autotest-hhvm.sh with autotest.sh 2015-05-04 16:37:23 +02:00
autotest-js.sh always use local karma 2016-06-29 18:45:13 +02:00
autotest.sh test alternative drone syntax for command options 2016-10-19 00:15:01 +02:00
bower.json Merge pull request #1407 from nextcloud/multiline_comments 2016-10-11 16:17:51 +02:00
buildjsdocs.sh Added OC.Files.Client Webdav-based files client 2015-11-22 16:05:49 +01:00
composer.json Use classmap to load core files 2016-07-18 14:46:54 +02:00
console.php Nextcloud runs only on PHP 5.6+ 2016-10-25 09:20:03 +02:00
cron.php [master] Tear down FS between cron jobs (#26223) 2016-10-12 08:37:17 +02:00
db_structure.xml final db indexes 2016-08-16 13:21:59 +02:00
index.html Try to prefer index.php over index.html in the same directory 2013-04-24 15:11:53 +02:00
index.php fix wrong method name 2016-10-20 17:24:07 +02:00
occ Use a more universal shebang 2014-11-19 17:34:03 +01:00
public.php Allow to call the files even when you are in another instance atm 2016-10-06 12:15:13 +02:00
remote.php Allow to call the files even when you are in another instance atm 2016-10-06 12:15:13 +02:00
robots.txt Add robot.txt 2013-01-28 16:39:53 -06:00
status.php Expose the needupgrade status (#26209) 2016-10-20 14:24:23 +02:00
version.php Avatar migration step 2016-10-05 11:00:16 +02:00

README.md

Nextcloud Server

Build Status Scrutinizer Code Quality irc irc

A safe home for all your data.

Why is this so awesome?

  • 📁 Access your Data You can store your files, contacts, calendars and more on a server of your choosing.
  • 📦 Sync your Data You keep your files, contacts, calendars and more synchronized amongst your devices.
  • 🔄 Share your Data …by giving others access to the stuff you want them to see or to collaborate with.
  • 🚀 Expandable with dozens of Apps ...like Calendar, Contacts, Mail and all those you can discover in our App Store
  • 🔒 Security with our encryption mechanisms, HackerOne bounty program and two-factor authentification.

You want to learn more about how you can use Nextcloud to access, share and protect your files, calendars, contacts, communication & more at home and at your Enterprise? Learn about all our Features.

Get your Nextcloud

Enterprise? Public Sector or Education user? You may want to have a look into the Enterprise Support Subscription provided by the Nextcloud GmbH

Get in touch

…learn more about how to get support for Nextcloud here!

Contribution Guidelines

All contributions to this repository from June, 16 2016 on are considered to be licensed under the AGPLv3 or any later version.

Nextcloud doesn't require a CLA (Contributor License Agreement). The copyright belongs to all the individual contributors. Therefore we recommend that every contributor adds following line to the header of a file, if they changed it substantially:

@copyright Copyright (c) <year>, <your name> (<your email address>)

Please read the Code of Conduct. This document offers some guidance to ensure Nextcloud participants can cooperate effectively in a positive and inspiring atmosphere, and to explain how together we can strengthen and support each other.

Please review the guidelines for contributing to this repository.

More information how to contribute: https://nextcloud.com/contribute/

Running master checkouts

Third-party components are handled as git submodules which have to be initialized first. So aside from the regular git checkout invoking git submodule update --init or a similar command is needed, for details see Git documentation.

Several apps by default included in regular releases like firstrunwizard or gallery are missing in master and have to be installed manually as required.

That aside Git checkouts can be handled the same as release archives.

Note they should never be used on production systems.