upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-03 20:41:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 25
68045 commits 651 branches 1179 tags 8.1 GiB
Commit graph

141 commits

Author SHA1 Message Date
Joas Schilling
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Joas Schilling
e839eb9b5c
feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
MichaIng
5f90b8eb11
Change X-Robots-Tag header from "none" to "noindex, nofollow" 
While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names
https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list
https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240

Signed-off-by: MichaIng <micha@dietpi.com>
 2023-02-15 20:16:51 +01:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Joas Schilling
82b98b4b9b
Fix typo in deprecated 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-10-04 11:42:24 +02:00
Daniel
c55ae98a3f
Add description for public and immutable 
Co-authored-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Daniel <mail@danielkesselberg.de>
 2022-09-03 15:58:18 +02:00
Daniel Kesselberg
855ef21883
Update docblock for cacheFor 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-09-03 15:28:23 +02:00
blizzz
df89e7fd39
Merge pull request #32485 from nextcloud/debt/noid/psalm-streamer-fh 
[Psalm] Fix docblock for addFileFromStream
 2022-05-31 14:22:05 +02:00
Julius Härtl
3901a93c72
Use JSON_THROW_ON_ERROR instead of custom error handling 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-05-30 19:17:49 +02:00
Daniel Kesselberg
be99ea969e
Fix type for resource 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-05-24 22:05:59 +02:00
Joas Schilling
ad908cd87a
Make appName of TemplateResponse accessible in BeforeTemplateRenderedEvent 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-20 15:03:40 +02:00
Daniel Kesselberg
7cd356ee7d
Fix psalm warning for zip response due wrong type 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-05-13 15:50:26 +02:00
Vincent Petry
18c013d8fc
Add CSP policy merge priority for booleans 
When two booleans conflict when merging CSP policies, true will win.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2022-04-01 13:56:34 +02:00
Julius Härtl
bd03dd37be
Allow to set a strict-dynamic CSP through the API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-03-09 15:10:27 +01:00
Carl Schwan
7dddbd0c35 Improve caching policy 
* Cache css with version in url. This makes most js and css requests to
  be cached by the browser

* Force caching previews, the etag is in the url so that if the propfind
  gives a new etag, we will refresh it otherwise it's no use to try to
  fetch the new etag and do tons of DB queries

Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-16 11:35:57 +01:00
Robin Appelman
c712987878
send request id in response header 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2022-02-01 14:24:01 +01:00
Daniel Rudolf
aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-08-04 18:52:55 +02:00
Carl Schwan
28970563a2
Remove some mentions of ownCloud from our api documentation 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2021-07-29 15:56:30 +02:00
Daniel Rudolf
a43de10d1e
Add RedirectToDefaultAppResponse::__construct() annotations 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:35:09 +02:00
Daniel Rudolf
e478db9161
Deprecate RedirectToDefaultAppResponse 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:13:08 +02:00
Daniel Rudolf
2c7186a15f
Remove \OC::$server->getURLGenerator() usage 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:12:15 +02:00
Daniel Rudolf
12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl() 
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:20:57 +02:00
Pytal
9ed379da22
Merge pull request #27635 from nextcloud/fix/datetime-constants 
Fix usage of DateTime constants
 2021-06-23 09:56:28 -07:00
Christoph Wurst
6d5cfe0c66
Move DateTime::RFC2822 to DateTimeInterface::2822 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-06-23 15:30:43 +02:00
Lukas Reschke
25ab4059c6 Add security.txt 
Ref https://securitytxt.org

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-06-23 13:58:47 +02:00
Morris Jobke
2ae60b42ab
Merge pull request #26494 from rigrig/fix-php8-deprecations 
Fix some php 8 warnings
 2021-06-07 23:30:59 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
Lukas Reschke
377514aad1 Escape filename in Content-Disposition 
We should escape all occurences of ' and \ in here.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-06-02 19:22:17 +02:00
Richard de Boer
a0d265b0b1 Fix a usort comparison function returning a boolean instead of an integer 
PHP 8 shows deprecation warnings about this, see #25806

Signed-off-by: Richard de Boer <git@tubul.net>
 2021-05-29 14:14:52 +02:00
Joas Schilling
02c011c4f7
Make debugging easier which header is being set 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-03-24 13:22:44 +01:00
Christoph Wurst
08d4458542
Initialize \OCP\AppFramework\Http\ZipResponse::$resources 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-17 19:59:27 +01:00
Christoph Wurst
9ce3ea3368
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-30 14:07:05 +01:00
Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-16 18:48:22 +01:00
Joas Schilling
329ffa257e
Log an error when setting a custom header on "Not Modified" responses 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-12-15 11:24:15 +01:00
Thomas Citharel
71cf92697c
Update comment to reflect current CSP policy 
JS unsafe-eval was removed a long time ago in https://github.com/nextcloud/server/pull/11028
 2020-12-12 21:11:42 +01:00
Roeland Jago Douma
1e111b2ad2
Fix DataResponse typehints 
We use this already in several places where we just pass strings or
numbers.
This all works because we just convert it to a json response in the end.
So better to have the typehints reflect this.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-11-19 20:34:42 +01:00
Roeland Jago Douma
9163790b7c
Set frame-ancestors to none if none are filled 
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-11-18 10:13:36 +01:00
Roeland Jago Douma
fa6a790859
Remove deprecated OCSResponse 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-11-01 14:12:27 +01:00
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-10-05 20:25:24 +02:00
Julius Härtl
8ab2422b6c
Add acutal response to BeforeTemplateRenderedEvent 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-09-24 20:00:23 +02:00
Roeland Jago Douma
b5e9f7e846
Merge pull request #22432 from nextcloud/enh/phpdoc 
Add php docs build script
 2020-08-26 21:18:11 +02:00
Julius Härtl
45a474071e
Remove @package annotations from public namespace 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-08-26 16:59:40 +02:00
Christoph Wurst
2a054e6c04
Update the license headers for Nextcloud 20 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-08-24 14:54:25 +02:00
Joas Schilling
35a8519591
Fix CS 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling
e66bc4a8a7
Send "429 Too Many Requests" in case of brute force protection 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:35 +02:00
Morris Jobke
0581356169
Merge pull request #22097 from nextcloud/enh/noid/empty-template 
Add empty renderAs template
 2020-08-05 11:42:29 +02:00
Julius Härtl
b51746212e
Add base renderAs template 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-08-04 09:48:43 +02:00
Julius Härtl
e1b696929f
Move NotFoundResponse to a proper TemplateResponse 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-07-24 08:58:14 +02:00