nextcloud-server-mirror

mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00

Author	SHA1	Message	Date
Roeland Jago Douma	c257cd57d4	Handle SameSiteCookie check for index.php in AppFramework Middleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-09-24 21:07:16 +02:00
Roeland Jago Douma	9717cdfb9e	If there is no content don't error Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-09 15:51:13 +02:00
Roeland Jago Douma	ede15f0988	Fix L10N::t Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-01 08:20:17 +02:00
coderkun	bdc7bb1f26	Add IPv6 to “localhost” regex (#440 ) Signed-off-by: Oliver Hanraths <olli@coderkun.de>	2017-05-14 21:29:03 +02:00
Joas Schilling	695696a4a6	Use constants Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-04-13 12:04:32 -05:00
Juan Pablo Villafáñez	38e5135cb9	Reorder the entries of the log for easier reading	2017-04-12 13:03:19 +02:00
Roeland Jago Douma	2a9192334e	Don't try to parse empty body if there is no body Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:22:33 +02:00
Roeland Jago Douma	8626ccab1c	dont require strict same site cookies for ocs requests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-09 16:48:48 +01:00
Joas Schilling	33fb86f68b	Fix detection of the new iOS app Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-02-10 10:10:21 +01:00
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-02-02 21:56:44 +01:00
Lukas Reschke	a05b8b7953	Harden cookies more appropriate This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening. See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications. Fixes https://github.com/nextcloud/server/issues/1412 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2016-11-23 12:53:44 +01:00
Joas Schilling	c20ab0049f	Identify Chromium as Chrome Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-10-26 12:07:10 +02:00
Joas Schilling	f9cea0b582	Merge pull request #797 from nextcloud/only-match-for-auth-cookie Match only for actual session cookie	2016-08-31 15:59:16 +02:00
Lukas Reschke	d50e7ee36c	Remove reading PATH_INFO from server variable Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used. Fixes https://github.com/nextcloud/server/issues/983	2016-08-19 14:48:13 +02:00
Roeland Jago Douma	8f3dc0ba43	Remove IE_8 user agent string	2016-08-16 21:01:32 +02:00
Lukas Reschke	b53ea18ea5	Match only for actual session cookie OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.	2016-08-09 19:23:08 +02:00
Joas Schilling	0215b004da	Update with robin	2016-07-21 18:13:58 +02:00
Joas Schilling	ba87db3fcc	Fix others	2016-07-21 18:13:57 +02:00
Lukas Reschke	a299fa38a9	[master] Port Same-Site Cookies to master Fixes https://github.com/nextcloud/server/issues/50	2016-07-20 18:37:57 +02:00
Joas Schilling	b1d652e8b0	Copy the regexes to the public interface	2016-07-18 15:11:44 +02:00
Lukas Reschke	aba539703c	Update license headers	2016-05-26 19:57:24 +02:00
Roeland Jago Douma	eb11ed1851	Make ownCloud work again in php 7.0.6 See https://bugs.php.net/bug.php?id=72117	2016-04-28 12:23:17 +02:00
Roeland Jago Douma	1d33a5ef13	Move \OC\AppFramework to PSR-4 * Also moved the autoloader setup a bit up since we need it in initpaths	2016-04-22 15:28:09 +02:00

23 Commits