nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Julius Härtl	98198e042e	Make sure we properly ass well-known paths to index.php Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Christoph Wurst	6995223b1e	Add well known handlers API Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
zertrin	af5380f5a8	Fix security header setting in .htaccess by adding 'onsuccess unset' The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com>	5 years ago
Maxence Lange	bf408c58c2	+nodeinfo public service Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	5 years ago
J0WI	1b074f48d8	Remove duplicated spaces Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
J0WI	bd9403d3da	Use "always" condition for security headers Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
J0WI	3f2932c75a	Sort headers Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
J0WI	76cbd7db6e	Add X-Frame-Options header to .htaccess Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
tobiasKaminsky	efa0733b04	wip Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>	5 years ago
tobiasKaminsky	b81fb182b3	wip Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>	5 years ago
Joas Schilling	c6a69ba925	Remove the upload and memory setting * Remove unneeded private method phpFileSize() * Bump autoloader * Remove setUploadLimit tests * Remove integrity check hacks for upload limit Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Morris Jobke	92b5743bf4	Remove unused php5 config from .htaccess Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Ido Green	c320f48599	cleaning after comments on issue 10825 More: https://github.com/nextcloud/server/pull/10825#issuecomment-415800850 Signed-off-by: Ido Green <greenido@gmail.com>	6 years ago
Ido Green	c794452689	fixing issue 9931 - copy a file to the same directory Signed-off-by: Ido Green <greenido@gmail.com> Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Julius Härtl	b9f2ce2796	Fix loading of .woff2 files in .htaccess Signed-off-by: Julius Härtl <jus@bitgrid.net>	6 years ago
Patrik Kernstock	8cdd906d66	Add "Referrer-Policy" to htaccess file, addresses issue #11099 Signed-off-by: Patrik Kernstock <info@pkern.at>	6 years ago
Maxence Lange	6642efa7f4	adding .well-known/webfinger Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	6 years ago
Dan Callahan	8797590099	Correct mistaken regex wildcard in .htaccess Fixes #8578 Signed-off-by: Dan Callahan <dan.callahan@gmail.com>	7 years ago
Robert Scheck	7583615bab	Handle SSL certificate verifications for others than Let's Encrypt Do no longer (wrongly) rewrite URLs like * http://example.net/.well-known/pki-validation/file.txt (Comodo) * http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust) * http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign) * http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy) * http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign) for automated SSL certificate verifications. All (common commercial) certificate authorities (CA) except Let's Encrypt (via ACME) seem to use "pki-validation" rather "acme-challenge" for their domain control validation (DCV). Signed-off-by: Robert Scheck <robert@fedoraproject.org>	7 years ago
Abijeet	ac14d02e1e	Added newline to end of htaccess file Signed-off-by: Abijeet <abijeetpatro@gmail.com>	7 years ago
Abijeet	ec28c54dbc	Adds search by email function on the users screen. Fixes #7175. - Updated the query to fetch the users in users > everyone tab. - Updated the query to fetch the users in users > admin tab. - Tested to ensure that the disabled users are also being fetched. - Added test cases. Signed-off-by: Abijeet <abijeetpatro@gmail.com>	7 years ago
Roeland Jago Douma	88299ec27c	Added to public interface Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	7dcc98eb20	Add owner to access list Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Lukas Reschke	bff6c8aafc	Move X-Frame-Options into PHP The public calendar view should be embeddable and we can't do that if the .htaccess sets a global X-Frame-Options. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Flole998	075d39e61a	Fix for Win Clients sometimes not connecting Fix for Win Clients sometimes not connecting	8 years ago
Jörn Friedrich Dreyer	9802c5cdd8	Cache js, css and woff files for a week (#26591 ) increases the cache duration for css and js files from 2 hours to half a year. Should they change the versionhash changes as well and a new file is fetched. Half a year should be long enough for oc updates. Also allows caching woff files for 7 days. Currently, there is no versionhash available, but pressing F5 will also refresh the woff files.	8 years ago
Joas Schilling	a3c8534b7b	Make sure memory limit is > post size and upload filesize	8 years ago
Lukas Reschke	35743c187d	Also cache WOFF, SVG and GIF	8 years ago
Thomas Müller	bfcd1dc49c	Filter confidential calendar objects in shared calendars Filter private calendar objects in shared calendars	9 years ago
Thomas Müller	082f456b8b	Added unit testing for the migration step	9 years ago
Martin	1059315e09	.htaccess update making two rules non-capturing	9 years ago
Roeland Jago Douma	abe338f433	Store user bucket in preferences	9 years ago
Roeland Jago Douma	e03e4921a0	Fix Name	9 years ago
Lukas Reschke	52add798d4	Do not automatically try to enable index.php-less URLs (#24539 ) The current logic for mod_rewrite relies on the fact that people have properly configured ownCloud, basically it reads from the `overwrite.cli.ur l` entry and then derives the `RewriteBase` from it. This usually works. However, since the ownCloud packages seem to install themselves at `/owncloud` (because subfolders are cool or so…) _a lot_ of people have just created a new Virtual Host for it or have simply symlinked the path etc. This means that `overwrite.cli.url` is wrong, which fails hard if it is used as RewriteBase since Apache does not know where it should serve files from. In the end the ownCloud instance will not be accessible anymore and users will be frustrated. Also some shared hosters like 1&1 (because using shared hosters is so awesome… ;-)) have somewhat dubious Apache configurations or use versions of mod_rewrite from the mediveal age. (because updating is money or so…) Anyhow. This makes this explicitly an opt-in configuration flag. If `htaccess.RewriteBase` is set then it will configure index.php-less URLs, if admins set that after installation and don't want to wait until the next ownCloud version they can run `occ maintenance:update:htaccess`. For ownCloud 9.0 we also have to add a repair step to make sure that instances that already have a RewriteBase configured continue to use it by copying it into the config file. That way all existing URLs stay valid. That one is not in this PR since this is unneccessary in master. Effectively this reduces another risk of breakage when updating from ownCloud 8 to ownCloud 9. Fixes https://github.com/owncloud/core/issues/24525, https://github.com/owncloud/core/issues/24426 and probably some more.	9 years ago
Lukas Reschke	24abe1e1e1	Use raw PATH_INFO PATH_INFO will be empty at this point and thus the logic in base.php did not catch this. Changing this to "getRawPathInfo" will ensure that the path info is properly read. Fixes https://github.com/owncloud/core/issues/23199	9 years ago
Lukas Reschke	ee84017192	always_populate_raw_post_data has been removed with PHP 7.0	9 years ago
Lukas Reschke	2cfde7cd0b	Duplicate block for PHP 7	9 years ago
Stephan Köninger	73a7c45dd4	Allow jpg files to be statically served When using an background image in themes of type JPG, the current setting of owncloud's htaccess file does not allow to deliver these kinds of images as static content. Adding the file extensions as done in this commit, it works flawlessly.	9 years ago
Lukas Reschke	bc4a043a76	Add base rewrite rule only when RewriteBase is defined In case Apache is configured with an `Alias` such as with the ownCloud packages the rewrite rules will fail when no valid RewriteBase is configured.	9 years ago
Lukas Reschke	0a624c0f1e	Exclude ocs-provider from rewrite rule Otherwise `localhost/ocs-provider/` cannot be accessed if mod_rewrite is install ed. Only affects master.	9 years ago
Victor Dubiniuk	4ced903427	Do not rewrite updater requests	9 years ago
Lukas Reschke	4d0dcd3c53	Add X-Download-Options and X-Permitted-Cross-Domain-Policies Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---	9 years ago
Lukas Reschke	28165876fc	Remove CSP stuff from .htaccess 😢 Seems like Apache is inconsistent fun between versions. Let's remove it thus for now.	9 years ago
Jörn Friedrich Dreyer	047008e9e3	always check if the csp is empty	9 years ago
Lukas Reschke	1ae30d1d9c	Use setifempty to please incompatible httpd versions Some httpd versions have problem with the old logic leading to resourced served with multiple headers.	9 years ago
Morris Jobke	2f53866668	Allow ico files to be served statically	9 years ago
mbi	1aff941be6	Do not rewrite letsencrypt .well-known URI	9 years ago
Lukas Reschke	235094ab54	Remove version check out of .htaccess This can now be achieved using the new code signing.	9 years ago
Lukas Reschke	3bce1b20fe	Add DirectorySlash to dynamic .htaccess write When `DirectorySlash off` is set then Apache will not lookup folders anymore. This is required for example when we use the rewrite directives on an existing path such as `/core/search`. By default Apache would load `/core/search/` instead `/core/search` so the redirect would fail here. This leads however to the problem that URLs such as `localhost/owncloud` would not load anymore while `localhost/owncloud/` would. This has caused problems such as https://github.com/owncloud/core/pull/21015 With this change we add the `DirectorySlash off` directive only when the `.htaccess` is writable to the dynamic part of it. This would also make `localhost/owncloud` work again as it would trigger the 404 directive which triggers the redirect in base.php.	9 years ago
Lukas Reschke	37efc1d1e1	Allow .ico files Makes `/core/img/favicon.ico` accessible again via web.	9 years ago

1 2 3

126 Commits (b4d6d8a70d86460a4e622a6ff25cbf231f3ac462)