nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-02-17 01:41:05 -05:00

Author	SHA1	Message	Date
Joas Schilling	c515617377	Merge pull request #50070 from nextcloud/docs/http/cors-attribute docs(HTTP): Add proper docs for CORS attribute	2025-01-09 12:05:28 +01:00
provokateurin	7db694f534	fix(Http): Only allow valid HTTP status code values via template Signed-off-by: provokateurin <kate@provokateurin.de>	2025-01-07 15:45:30 +01:00
provokateurin	11feecf772	docs(HTTP): Add proper docs for CORS attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2025-01-07 15:41:19 +01:00
provokateurin	3624923af2	fix(HTTP): Adjust JSONResponse data type Signed-off-by: provokateurin <kate@provokateurin.de>	2025-01-04 00:58:54 +01:00
Louis Chemineau	a2f2f7ce93	feat: Use inline password confirmation in external storage settings Signed-off-by: Louis Chemineau <louis@chmn.me>	2024-11-28 11:01:54 +01:00
Ferdinand Thiessen	a8f46af20f	chore: Add proper deprecation dates where missing Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-09-20 00:46:03 +02:00
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-19 14:21:20 +02:00
Christopher Ng	4fed8ed891	fix: Fix missing footer on public pages Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-09-04 16:41:13 -07:00
Ferdinand Thiessen	61d687631b	chore(ExternalShareMenuAction): Remove unused legacy properties Keep them in the constructor to not break the API, but they are not used anymore. This way of adding a share was deprecated in Nextcloud 12 (2016!), in favor of the federated share API, in Nextcloud 28 this way to create a share was removed. So we can cleanup as all it takes now to create a federeated share is the share token + federated user ID. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-09-03 16:07:50 +02:00
Ferdinand Thiessen	4d2556d4cf	refactor(IMenuAction): Make public menu actions use the new Vue UI This removes custom rendering code an replaces it with the declarative menu actions. Also adjust the template to allow the Vue UI to mount. Custom entries still are possible. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-09-03 16:07:49 +02:00
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +02:00
Ferdinand Thiessen	009761be58	test: Adjust tests for CSP nonce Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 10:06:32 +02:00
Ferdinand Thiessen	86f01a3358	fix: Make sure CSP nonce is not double base64 encoded Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 09:52:33 +02:00
Christopher Ng	8bbd326143	feat: Allow passing additional encode flags for json response Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-08-01 09:14:44 -07:00
Christopher Ng	b859260423	feat: Increase max depth of encoded json Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-08-01 09:14:44 -07:00
Alexander Piskun	b7af6ec200	feat: allow for ExApps to call Admin endpoints marked with specific attr Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2024-07-18 15:11:39 +03:00
skjnldsv	a65cdd1e70	fix: ARateLimit documentation Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-07-12 20:14:30 +02:00
provokateurin	355ef202e4	feat(OpenAPI): Add ex_app scope Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-02 09:12:48 +02:00
provokateurin	5aefdc399e	feat(AppFramework): Add ExAppRequired attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-01 14:41:20 +02:00
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-24 13:11:22 +02:00
provokateurin	db77eab677	fix(AppFramework): Fix error message about 204 not allowing custom headers Signed-off-by: provokateurin <kate@provokateurin.de>	2024-04-08 16:08:44 +02:00
Côme Chilliet	ec5133b739	fix: Apply new coding standard to all files Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-04-02 14:16:21 +02:00
Julius Härtl	78ba1b0712	fix: Allow nonce in csp header also if no other reasons are given Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-03-08 12:11:46 +01:00
provokateurin	df6175ccb1	feat(AppFramework): Add Route attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2024-02-21 12:07:50 +01:00
Joas Schilling	f6b6776c93	fix(API): Use a distinct exception so apps can react to it and customize the return Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-11-28 06:11:57 +01:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +01:00
Ferdinand Thiessen	ecf9f0a872	fix(CSP): Only add `strict-dynamic` when using nonces Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 22:01:02 +01:00
Ferdinand Thiessen	e231abd9bf	fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 14:42:36 +01:00
Ferdinand Thiessen	7df9eb3351	feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`. The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 11:12:57 +01:00
Joas Schilling	ffc1bb774b	feat(openapi): Add OpenAPI attribute to allow multiple scopes and overwriting tags Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-11-03 09:25:11 +01:00
Git'Fellow	066f6ef16c	Stop sending deprecated Pragma header Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-08-28 15:11:22 +02:00
Robin Appelman	ccf57e0715	add separate event for rendering login page template Signed-off-by: Robin Appelman <robin@icewind.nl>	2023-08-17 10:57:56 +02:00
Daniel Calviño Sánchez	41f2d912d2	Allow "wasm-unsafe-eval" in CSP If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive does not contain neither `wasm-unsafe-eval` nor `unsafe-eval` loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread). Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval` this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make possible to allow WebAssembly execution without allowing JavaScript `eval` this commit adds support for allowing `wasm-unsafe-eval`. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2023-08-10 02:38:41 +02:00
Joas Schilling	1b387bb341	fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-27 09:57:52 +02:00
jld3103	2d6a62ccee	Add IgnoreOpenAPI attribute Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-07-10 14:25:22 +02:00
Christoph Wurst	14719110b9	chore: Replace \OC::$server->query with \OCP\Server::get in /lib Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-07-06 15:21:22 +02:00
jld3103	b0001c6010	Add template types to responses Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-06-30 09:33:29 +02:00
Christoph Wurst	08a3f37695	chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-06-12 10:03:59 +02:00
Git'Fellow	5b5895a130	Drop meta robots tag Revert mistake Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-06-09 18:06:37 +02:00
Joas Schilling	5b2d5767e1	fix(docs): Fix language and copy-paste class name in docs of CSP Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-30 13:39:33 +02:00
Joas Schilling	ecb8b55c5c	feat(security): Add PHP \Attribute for remaining security annotations Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-25 14:50:32 +02:00
Joas Schilling	89c3c31402	feat(ratelimit): Add Attributes support to rate limit middleware Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-24 12:24:48 +02:00
Joas Schilling	e839eb9b5c	feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-03-08 12:09:22 +01:00
MichaIng	5f90b8eb11	Change X-Robots-Tag header from "none" to "noindex, nofollow" While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240 Signed-off-by: MichaIng <micha@dietpi.com>	2023-02-15 20:16:51 +01:00
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-27 09:40:35 +01:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +01:00
Joas Schilling	82b98b4b9b	Fix typo in deprecated Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-10-04 11:42:24 +02:00
Daniel	c55ae98a3f	Add description for public and immutable Co-authored-by: Carl Schwan <carl@carlschwan.eu> Signed-off-by: Daniel <mail@danielkesselberg.de>	2022-09-03 15:58:18 +02:00
Daniel Kesselberg	855ef21883	Update docblock for cacheFor Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2022-09-03 15:28:23 +02:00
blizzz	df89e7fd39	Merge pull request #32485 from nextcloud/debt/noid/psalm-streamer-fh [Psalm] Fix docblock for addFileFromStream	2022-05-31 14:22:05 +02:00

1 2 3 4

181 commits