averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,614 Commits 712 Branches 1,186 Tags
cb73fe26b818cfdb8fbf07116cd8e970a9cdc708
Commit Graph

82 Commits

Author SHA1 Message Date
Joas Schilling
0acd4b5f82 Merge pull request #31235 from nextcloud/techdebt/noid/extract-request-id 
Extract request id handling to dedicated class so it can be injected without DB dependency
 2022-03-22 12:08:45 +01:00
Julius Härtl
bd03dd37be Allow to set a strict-dynamic CSP through the API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-03-09 15:10:27 +01:00
Julius Härtl
2dd96fe8da Fix tests 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-02-28 11:24:41 +01:00
Joas Schilling
cc6653e45c Adjust and add unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-23 11:01:58 +01:00
Robin Appelman
c712987878 send request id in response header 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2022-02-01 14:24:01 +01:00
Carl Schwan
6312c0df69 Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +01:00
Côme Chilliet
3a1b3745eb Fix DateTime constructor calls with null 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:28:58 +01:00
Lukas Reschke
377514aad1 Escape filename in Content-Disposition 
We should escape all occurences of ' and \ in here.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-06-02 19:22:17 +02:00
Roeland Jago Douma
9163790b7c Set frame-ancestors to none if none are filled 
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-11-18 10:13:36 +01:00
Roeland Jago Douma
fa6a790859 Remove deprecated OCSResponse 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-11-01 14:12:27 +01:00
Christoph Wurst
d9015a8c94 Format code to a single space around binary operators 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-10-05 20:25:24 +02:00
Joas Schilling
95a301ea57 Fix tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-10-02 10:37:18 +02:00
Morris Jobke
234b510652 Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-08-12 13:55:19 +02:00
Morris Jobke
0123cd0ae3 Use assertStringContainsString instead of assertContains on strings 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-07-23 17:11:29 +02:00
Joas Schilling
74a9cadc50 Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-07-02 11:13:13 +02:00
Joas Schilling
b7060be18d Fix robots "noindex, nofollow" signals 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-06-25 08:29:43 +02:00
blizzz
859941db32 Merge pull request #21479 from nextcloud/fix/21474/allow_specifying_cookie_type 
Allow to specify the cookie type for appframework responses
 2020-06-22 13:00:12 +02:00
Roeland Jago Douma
fbf9772a3e Allow to specify the cookie type for appframework responses 
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.

Helps with #21474

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-06-22 08:38:44 +02:00
Roeland Jago Douma
c006b5ff2a Fix unit test of the ResponseTest 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-06-21 09:44:56 +02:00
Roeland Jago Douma
7c15c63b05 Merge pull request #20939 from nextcloud/enh/middleware/not_modified 
Move not modified check to the middleware
 2020-05-13 09:04:56 +02:00
Roeland Jago Douma
12fa748c49 Move the notmodified check to middleware where it belongs 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-13 08:11:24 +02:00
Clement Wong
979dd1b6f5 Fix http cache test 
Signed-off-by: Clement Wong <git@clement.hk>
 2020-05-12 11:50:48 +02:00
Christoph Wurst
1584c9ae9c Add visibility to all methods and position of static keyword 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:51:06 +02:00
Christoph Wurst
caff1023ea Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst
14c996d982 Use elseif instead of else if 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 10:35:09 +02:00
Christoph Wurst
44577e4345 Remove trailing and in between spaces 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 16:07:47 +02:00
Christoph Wurst
afbd9c4e6e Unify function spacing to PSR2 recommendation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 13:54:22 +02:00
Christoph Wurst
2a529e453a Use a blank line after the opening tag 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 11:50:14 +02:00
Christoph Wurst
41b5e5923a Use exactly one empty line after the namespace declaration 
For PSR2

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 11:48:10 +02:00
Christoph Wurst
2fbad1ed72 Fix (array) indent style to always use one tab 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 10:16:08 +02:00
Christoph Wurst
463b388589 Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports 
Remove unused imports
 2020-03-27 17:14:08 +01:00
Christoph Wurst
b80ebc9674 Use the short array syntax, everywhere 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-26 16:34:56 +01:00
Christoph Wurst
2ee65f177e Use the shorter phpunit syntax for mocked return values 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:21:27 +01:00
Christoph Wurst
74936c49ea Remove unused imports 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:08:08 +01:00
Daniel Kesselberg
8331d8296b Make getServerHost more robust to faulty user input 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-01-16 11:26:29 +01:00
Daniel Kesselberg
d393b1612b Modify regex to match some other chromium browsers 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-12-27 17:24:52 +01:00
Roeland Jago Douma
3a7cf40aaa Mode to modern phpunit 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 15:27:18 +01:00
Roeland Jago Douma
c007ca624f Make phpunit8 compatible 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 13:34:41 +01:00
Roeland Jago Douma
68748d4f85 Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +01:00
Roeland Jago Douma
f81817b47d Add tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-08-10 19:40:13 +02:00
Roeland Jago Douma
b8c5008acf Add feature policy header 
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-08-10 14:26:22 +02:00
Roeland Jago Douma
cf647451e5 Update CSP test cases to handle the new form-action 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-31 15:16:10 +02:00
Roeland Jago Douma
7276735eb4 Set empty CSP by default 
For #14179

By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-04-16 14:09:39 +02:00
Roeland Jago Douma
ad676c0102 Set default frame-ancestors to 'self' 
For #13042

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-08 15:36:40 +01:00
Roeland Jago Douma
64244e1a4f CSP: Allow fonts to be provided in data 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-07 15:07:06 +01:00
Roeland Jago Douma
514426e27d Only trust the X-FORWARDED-HOST header for trusted proxies 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-12-17 15:54:45 +01:00
Oliver Wegner
401ca28f07 Adding handling of CIDR notation to trusted_proxies for IPv4 
Signed-off-by: Oliver Wegner <void1976@gmail.com>
 2018-10-30 09:15:42 +01:00
Roeland Jago Douma
579822b6a5 Add report-uri to CSP 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-21 13:38:32 +02:00
Roeland Jago Douma
5b61ef9213 Disallow unsafe-eval by default 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-14 20:45:34 +02:00
Roeland Jago Douma
a34495933e Move caching logic to response 
This avoids having to do it at all the places we want cached responses.

We can't inject the ITimeFactor without breaking public API.
However we can perfectly overwrite the service (resulting in the same
testable effect).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-04 08:48:54 +02:00