Commit Graph

193 Commits

Author SHA1 Message Date
Ferdinand Thiessen ba00416040 refactor(Streamer): inject IDateTimeZone as constructor arg
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-08-14 17:19:28 +02:00
Ferdinand Thiessen 5981b7eb51 chore: apply new CSFixer rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +02:00
skjnldsv bf3ce79abd feat(files_sharing): show Account menu on public pages
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-06-11 16:43:53 +02:00
Daniel Kesselberg be587def0e fix: use correct format for expires, last-modified, and if-modified-since headers
Before: Sat, 10 May 2025 18:17:41 +0000
After: Sat, 10 May 2025 18:17:41 GMT

RFC: https://httpwg.org/specs/rfc9110.html#http.date

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2025-06-10 13:15:31 +02:00
provokateurin c3aa5316be feat(RequestHeader): Add indirect parameter
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-06-03 11:09:12 +02:00
provokateurin 727b0c853c refactor(RequestHeader): Make parameter types stricter
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-06-03 11:07:09 +02:00
provokateurin 18e04e1c5a chore(RequestHeader): Remove unnecessary getters
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-06-03 11:06:53 +02:00
provokateurin ad031188bc feat(Http): Add RequestHeader attribute
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-05-20 13:10:34 +02:00
Ferdinand Thiessen 74bded74a3 refactor: migrate from OC to OCP in public interfaces
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-05-15 16:17:47 +02:00
Côme Chilliet f033ef7c18 fix: Migrate all uses of OCP\Template to OCP\Template\ITemplateManager
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-03-06 15:49:25 +01:00
Côme Chilliet 253628ad5a fix: Fix psalm issues and add missing methods to ITemplate interface
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-03-06 15:49:25 +01:00
Côme Chilliet fec865cc29 chore: Correctly flag json encoding methods as escaping html and quotes
Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we
 only use it in JSON output anyway.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:24:07 +01:00
Joas Schilling c515617377 Merge pull request #50070 from nextcloud/docs/http/cors-attribute
docs(HTTP): Add proper docs for CORS attribute
2025-01-09 12:05:28 +01:00
provokateurin 7db694f534 fix(Http): Only allow valid HTTP status code values via template
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-07 15:45:30 +01:00
provokateurin 11feecf772 docs(HTTP): Add proper docs for CORS attribute
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-07 15:41:19 +01:00
provokateurin 3624923af2 fix(HTTP): Adjust JSONResponse data type
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-04 00:58:54 +01:00
Louis Chemineau a2f2f7ce93 feat: Use inline password confirmation in external storage settings
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 11:01:54 +01:00
Ferdinand Thiessen a8f46af20f chore: Add proper deprecation dates where missing
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-20 00:46:03 +02:00
provokateurin 9836e9b164 chore(deps): Update nextcloud/coding-standard to v1.3.1
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-19 14:21:20 +02:00
Christopher Ng 4fed8ed891 fix: Fix missing footer on public pages
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2024-09-04 16:41:13 -07:00
Ferdinand Thiessen 61d687631b chore(ExternalShareMenuAction): Remove unused legacy properties
Keep them in the constructor to not break the API,
but they are not used anymore.
This way of adding a share was deprecated in Nextcloud 12 (2016!),
in favor of the federated share API, in Nextcloud 28 this way to create a share was removed.

So we can cleanup as all it takes now to create a federeated share is the share token + federated user ID.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-03 16:07:50 +02:00
Ferdinand Thiessen 4d2556d4cf refactor(IMenuAction): Make public menu actions use the new Vue UI
This removes custom rendering code an replaces it with the declarative menu actions.
Also adjust the template to allow the Vue UI to mount.
Custom entries still are possible.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-03 16:07:49 +02:00
Daniel Kesselberg af6de04e9e style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
Ferdinand Thiessen 009761be58 test: Adjust tests for CSP nonce
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:06:32 +02:00
Ferdinand Thiessen 86f01a3358 fix: Make sure CSP nonce is not double base64 encoded
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 09:52:33 +02:00
Christopher Ng 8bbd326143 feat: Allow passing additional encode flags for json response
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2024-08-01 09:14:44 -07:00
Christopher Ng b859260423 feat: Increase max depth of encoded json
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2024-08-01 09:14:44 -07:00
Alexander Piskun b7af6ec200 feat: allow for ExApps to call Admin endpoints marked with specific attr
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2024-07-18 15:11:39 +03:00
skjnldsv a65cdd1e70 fix: ARateLimit documentation
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-07-12 20:14:30 +02:00
provokateurin 355ef202e4 feat(OpenAPI): Add ex_app scope
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-02 09:12:48 +02:00
provokateurin 5aefdc399e feat(AppFramework): Add ExAppRequired attribute
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-01 14:41:20 +02:00
Andy Scherzinger dae7c159f7 chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
provokateurin db77eab677 fix(AppFramework): Fix error message about 204 not allowing custom headers
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-04-08 16:08:44 +02:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +02:00
Julius Härtl 78ba1b0712 fix: Allow nonce in csp header also if no other reasons are given
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-03-08 12:11:46 +01:00
provokateurin df6175ccb1 feat(AppFramework): Add Route attribute
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-02-21 12:07:50 +01:00
Joas Schilling f6b6776c93 fix(API): Use a distinct exception so apps can react to it and customize the return
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-11-28 06:11:57 +01:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Ferdinand Thiessen ecf9f0a872 fix(CSP): Only add strict-dynamic when using nonces
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2023-11-17 22:01:02 +01:00
Ferdinand Thiessen e231abd9bf fix!(ContentSecurityPolicy): Make strict-dynamic enabled by default on script-src-elem
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2023-11-17 14:42:36 +01:00
Ferdinand Thiessen 7df9eb3351 feat(ContentSecurityPolicy): Allow to set strict-dynamic on script-src-elem only
This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`.
The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2023-11-17 11:12:57 +01:00
Joas Schilling ffc1bb774b feat(openapi): Add OpenAPI attribute to allow multiple scopes and overwriting tags
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-11-03 09:25:11 +01:00
Git'Fellow 066f6ef16c Stop sending deprecated Pragma header
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-08-28 15:11:22 +02:00
Robin Appelman ccf57e0715 add separate event for rendering login page template
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-08-17 10:57:56 +02:00
Daniel Calviño Sánchez 41f2d912d2 Allow "wasm-unsafe-eval" in CSP
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).

Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.

To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2023-08-10 02:38:41 +02:00
Joas Schilling 1b387bb341 fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +02:00
jld3103 2d6a62ccee Add IgnoreOpenAPI attribute
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-07-10 14:25:22 +02:00
Christoph Wurst 14719110b9 chore: Replace \OC::$server->query with \OCP\Server::get in /lib
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-07-06 15:21:22 +02:00
jld3103 b0001c6010 Add template types to responses
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-06-30 09:33:29 +02:00
Christoph Wurst 08a3f37695 chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-06-12 10:03:59 +02:00