nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Ferdinand Thiessen	61d687631b	chore(ExternalShareMenuAction): Remove unused legacy properties Keep them in the constructor to not break the API, but they are not used anymore. This way of adding a share was deprecated in Nextcloud 12 (2016!), in favor of the federated share API, in Nextcloud 28 this way to create a share was removed. So we can cleanup as all it takes now to create a federeated share is the share token + federated user ID. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Ferdinand Thiessen	4d2556d4cf	refactor(IMenuAction): Make public menu actions use the new Vue UI This removes custom rendering code an replaces it with the declarative menu actions. Also adjust the template to allow the Vue UI to mount. Custom entries still are possible. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	1 year ago
Ferdinand Thiessen	009761be58	test: Adjust tests for CSP nonce Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Ferdinand Thiessen	86f01a3358	fix: Make sure CSP nonce is not double base64 encoded Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Christopher Ng	8bbd326143	feat: Allow passing additional encode flags for json response Signed-off-by: Christopher Ng <chrng8@gmail.com>	1 year ago
Christopher Ng	b859260423	feat: Increase max depth of encoded json Signed-off-by: Christopher Ng <chrng8@gmail.com>	1 year ago
Alexander Piskun	b7af6ec200	feat: allow for ExApps to call Admin endpoints marked with specific attr Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	1 year ago
skjnldsv	a65cdd1e70	fix: ARateLimit documentation Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	1 year ago
provokateurin	355ef202e4	feat(OpenAPI): Add ex_app scope Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
provokateurin	5aefdc399e	feat(AppFramework): Add ExAppRequired attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
provokateurin	db77eab677	fix(AppFramework): Fix error message about 204 not allowing custom headers Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
Côme Chilliet	ec5133b739	fix: Apply new coding standard to all files Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Julius Härtl	78ba1b0712	fix: Allow nonce in csp header also if no other reasons are given Signed-off-by: Julius Härtl <jus@bitgrid.net>	2 years ago
provokateurin	df6175ccb1	feat(AppFramework): Add Route attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
Joas Schilling	f6b6776c93	fix(API): Use a distinct exception so apps can react to it and customize the return Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Ferdinand Thiessen	ecf9f0a872	fix(CSP): Only add `strict-dynamic` when using nonces Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Ferdinand Thiessen	e231abd9bf	fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Ferdinand Thiessen	7df9eb3351	feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`. The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Joas Schilling	ffc1bb774b	feat(openapi): Add OpenAPI attribute to allow multiple scopes and overwriting tags Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Git'Fellow	066f6ef16c	Stop sending deprecated Pragma header Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2 years ago
Robin Appelman	ccf57e0715	add separate event for rendering login page template Signed-off-by: Robin Appelman <robin@icewind.nl>	2 years ago
Daniel Calviño Sánchez	41f2d912d2	Allow "wasm-unsafe-eval" in CSP If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive does not contain neither `wasm-unsafe-eval` nor `unsafe-eval` loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread). Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval` this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make possible to allow WebAssembly execution without allowing JavaScript `eval` this commit adds support for allowing `wasm-unsafe-eval`. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2 years ago
Joas Schilling	1b387bb341	fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
jld3103	2d6a62ccee	Add IgnoreOpenAPI attribute Signed-off-by: jld3103 <jld3103yt@gmail.com>	3 years ago
Christoph Wurst	14719110b9	chore: Replace \OC::$server->query with \OCP\Server::get in /lib Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
jld3103	b0001c6010	Add template types to responses Signed-off-by: jld3103 <jld3103yt@gmail.com>	3 years ago
Christoph Wurst	08a3f37695	chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Git'Fellow	5b5895a130	Drop meta robots tag Revert mistake Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	3 years ago
Joas Schilling	5b2d5767e1	fix(docs): Fix language and copy-paste class name in docs of CSP Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Joas Schilling	ecb8b55c5c	feat(security): Add PHP \Attribute for remaining security annotations Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Joas Schilling	89c3c31402	feat(ratelimit): Add Attributes support to rate limit middleware Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Joas Schilling	e839eb9b5c	feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
MichaIng	5f90b8eb11	Change X-Robots-Tag header from "none" to "noindex, nofollow" While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240 Signed-off-by: MichaIng <micha@dietpi.com>	3 years ago
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Joas Schilling	82b98b4b9b	Fix typo in deprecated Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Daniel	c55ae98a3f	Add description for public and immutable Co-authored-by: Carl Schwan <carl@carlschwan.eu> Signed-off-by: Daniel <mail@danielkesselberg.de>	3 years ago
Daniel Kesselberg	855ef21883	Update docblock for cacheFor Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	3 years ago
Julius Härtl	3901a93c72	Use JSON_THROW_ON_ERROR instead of custom error handling Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Daniel Kesselberg	be99ea969e	Fix type for resource Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago
Joas Schilling	ad908cd87a	Make appName of TemplateResponse accessible in BeforeTemplateRenderedEvent Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Daniel Kesselberg	7cd356ee7d	Fix psalm warning for zip response due wrong type Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago
Vincent Petry	18c013d8fc	Add CSP policy merge priority for booleans When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 years ago
Julius Härtl	bd03dd37be	Allow to set a strict-dynamic CSP through the API Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Carl Schwan	7dddbd0c35	Improve caching policy * Cache css with version in url. This makes most js and css requests to be cached by the browser * Force caching previews, the etag is in the url so that if the propfind gives a new etag, we will refresh it otherwise it's no use to try to fetch the new etag and do tons of DB queries Tested with firefox and 'debug' => false (important so that the js/css urls are generated with ?v= parameter) Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Robin Appelman	c712987878	send request id in response header Signed-off-by: Robin Appelman <robin@icewind.nl>	4 years ago
Carl Schwan	28970563a2	Remove some mentions of ownCloud from our api documentation Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago

1 2 3 4

173 Commits (d92bf388b1c553ecd6bfb2a7400b990dcafe9c54)