averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-27 18:37:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,791 Commits 689 Branches 1,186 Tags
stable30
Commit Graph

23 Commits

Author SHA1 Message Date
Andy Scherzinger
1f7e2ba599 chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-13 17:41:36 +02:00
Ferdinand Thiessen
ecf9f0a872 fix(CSP): Only add strict-dynamic when using nonces 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 22:01:02 +01:00
Ferdinand Thiessen
e231abd9bf fix!(ContentSecurityPolicy): Make strict-dynamic enabled by default on script-src-elem 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 14:42:36 +01:00
Joas Schilling
030e8d8916 fix: Align doc type with creation 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 23:13:38 +02:00
Christoph Wurst
08a3f37695 chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-06-12 10:03:59 +02:00
Vincent Petry
18c013d8fc Add CSP policy merge priority for booleans 
When two booleans conflict when merging CSP policies, true will win.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2022-04-01 13:56:34 +02:00
Julius Härtl
bd03dd37be Allow to set a strict-dynamic CSP through the API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-03-09 15:10:27 +01:00
J0WI
ca7b37ce5a Make Security module strict 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2021-04-19 17:31:12 +02:00
Christoph Wurst
caff1023ea Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst
afbd9c4e6e Unify function spacing to PSR2 recommendation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 13:54:22 +02:00
Christoph Wurst
41b5e5923a Use exactly one empty line after the namespace declaration 
For PSR2

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 11:48:10 +02:00
Christoph Wurst
74936c49ea Remove unused imports 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:08:08 +01:00
Roeland Jago Douma
3a7cf40aaa Mode to modern phpunit 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 15:27:18 +01:00
Roeland Jago Douma
c007ca624f Make phpunit8 compatible 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 13:34:41 +01:00
Roeland Jago Douma
cf647451e5 Update CSP test cases to handle the new form-action 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-31 15:16:10 +02:00
Roeland Jago Douma
5ac857bcdc Add an event to edit the CSP 
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-08 20:35:15 +02:00
Roeland Jago Douma
ad676c0102 Set default frame-ancestors to 'self' 
For #13042

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-08 15:36:40 +01:00
Roeland Jago Douma
64244e1a4f CSP: Allow fonts to be provided in data 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-07 15:07:06 +01:00
Roeland Jago Douma
5b61ef9213 Disallow unsafe-eval by default 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-14 20:45:34 +02:00
Joas Schilling
bf2be08c9f Fix risky tests without assertions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-01-25 11:33:25 +01:00
Morris Jobke
f9bc53146d Fix unit tests 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-28 21:00:12 -06:00
Lukas Reschke
adfd1e63f6 Add base-uri to CSP policy 
As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-16 15:16:20 +01:00
Joas Schilling
94ad54ec9b Move tests/ to PSR-4 (#24731) 
* Move a-b to PSR-4

* Move c-d to PSR-4

* Move e+g to PSR-4

* Move h-l to PSR-4

* Move m-r to PSR-4

* Move s-u to PSR-4

* Move files/ to PSR-4

* Move remaining tests to PSR-4

* Remove Test\ from old autoloader
 2016-05-20 15:38:20 +02:00