Lukas Reschke 8313a3fcb3 Add mitigation against BREACH ... While BREACH requires the following three factors to be effectively exploitable we should add another mitigation: 1. Application must support HTTP compression 2. Response most reflect user-controlled input 3. Response should contain sensitive data Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed. To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.		2015-08-14 01:31:32 +02:00
..
ContentSecurityPolicyTest.php	add unit test for data: as allowed image domain	2015-08-07 12:14:30 +02:00
DataResponseTest.php	add more unit tests for data: as allowed image domain	2015-08-10 12:42:42 +02:00
DispatcherTest.php	Add mitigation against BREACH	2015-08-14 01:31:32 +02:00
DownloadResponseTest.php	Make remaining files extend the test base	2014-11-19 14:53:59 +01:00
HttpTest.php	Make remaining files extend the test base	2014-11-19 14:53:59 +01:00
JSONResponseTest.php	Check if response could get generated	2015-07-02 11:42:51 +02:00
OCSResponseTest.php	Remove duplicate and unused code	2015-08-03 21:03:11 +02:00
RedirectResponseTest.php	Make remaining files extend the test base	2014-11-19 14:53:59 +01:00
requeststream.php	Implement PUT an PATCH support	2013-10-01 20:13:13 +02:00
RequestTest.php	Add mitigation against BREACH	2015-08-14 01:31:32 +02:00
ResponseTest.php	add more unit tests for data: as allowed image domain	2015-08-10 12:42:42 +02:00
StreamResponseTest.php	AppFramework StreamResponse	2015-02-27 15:42:33 +01:00
TemplateResponseTest.php	Make remaining files extend the test base	2014-11-19 14:53:59 +01:00