nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Robin Appelman	26ae51c4b3	feat: add header with user id in response Signed-off-by: Robin Appelman <robin@icewind.nl>	2025-09-18 18:30:04 +07:00
Ferdinand Thiessen	ba00416040	refactor(Streamer): inject `IDateTimeZone` as constructor arg Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-08-14 17:19:28 +07:00
Ferdinand Thiessen	5981b7eb51	chore: apply new CSFixer rules Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> # Conflicts: # apps/settings/lib/SetupChecks/PhpOpcacheSetup.php	2025-07-01 16:26:50 +07:00
skjnldsv	bf3ce79abd	feat(files_sharing): show Account menu on public pages Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2025-06-11 16:43:53 +07:00
Daniel Kesselberg	be587def0e	fix: use correct format for expires, last-modified, and if-modified-since headers Before: Sat, 10 May 2025 18:17:41 +0000 After: Sat, 10 May 2025 18:17:41 GMT RFC: https://httpwg.org/specs/rfc9110.html#http.date Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2025-06-10 13:15:31 +07:00
provokateurin	c3aa5316be	feat(RequestHeader): Add indirect parameter Signed-off-by: provokateurin <kate@provokateurin.de>	2025-06-03 11:09:12 +07:00
provokateurin	727b0c853c	refactor(RequestHeader): Make parameter types stricter Signed-off-by: provokateurin <kate@provokateurin.de>	2025-06-03 11:07:09 +07:00
provokateurin	18e04e1c5a	chore(RequestHeader): Remove unnecessary getters Signed-off-by: provokateurin <kate@provokateurin.de>	2025-06-03 11:06:53 +07:00
provokateurin	ad031188bc	feat(Http): Add RequestHeader attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2025-05-20 13:10:34 +07:00
Ferdinand Thiessen	74bded74a3	refactor: migrate from OC to OCP in public interfaces Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-05-15 16:17:47 +07:00
Côme Chilliet	f033ef7c18	fix: Migrate all uses of OCP\Template to OCP\Template\ITemplateManager Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-03-06 15:49:25 +07:00
Côme Chilliet	253628ad5a	fix: Fix psalm issues and add missing methods to ITemplate interface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-03-06 15:49:25 +07:00
Côme Chilliet	fec865cc29	chore: Correctly flag json encoding methods as escaping html and quotes Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we only use it in JSON output anyway. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-17 15:24:07 +07:00
Joas Schilling	c515617377	Merge pull request #50070 from nextcloud/docs/http/cors-attribute docs(HTTP): Add proper docs for CORS attribute	2025-01-09 12:05:28 +07:00
provokateurin	7db694f534	fix(Http): Only allow valid HTTP status code values via template Signed-off-by: provokateurin <kate@provokateurin.de>	2025-01-07 15:45:30 +07:00
provokateurin	11feecf772	docs(HTTP): Add proper docs for CORS attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2025-01-07 15:41:19 +07:00
provokateurin	3624923af2	fix(HTTP): Adjust JSONResponse data type Signed-off-by: provokateurin <kate@provokateurin.de>	2025-01-04 00:58:54 +07:00
Louis Chemineau	a2f2f7ce93	feat: Use inline password confirmation in external storage settings Signed-off-by: Louis Chemineau <louis@chmn.me>	2024-11-28 11:01:54 +07:00
Ferdinand Thiessen	a8f46af20f	chore: Add proper deprecation dates where missing Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-09-20 00:46:03 +07:00
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-19 14:21:20 +07:00
Christopher Ng	4fed8ed891	fix: Fix missing footer on public pages Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-09-04 16:41:13 +07:00
Ferdinand Thiessen	61d687631b	chore(ExternalShareMenuAction): Remove unused legacy properties Keep them in the constructor to not break the API, but they are not used anymore. This way of adding a share was deprecated in Nextcloud 12 (2016!), in favor of the federated share API, in Nextcloud 28 this way to create a share was removed. So we can cleanup as all it takes now to create a federeated share is the share token + federated user ID. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-09-03 16:07:50 +07:00
Ferdinand Thiessen	4d2556d4cf	refactor(IMenuAction): Make public menu actions use the new Vue UI This removes custom rendering code an replaces it with the declarative menu actions. Also adjust the template to allow the Vue UI to mount. Custom entries still are possible. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-09-03 16:07:49 +07:00
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +07:00
Ferdinand Thiessen	009761be58	test: Adjust tests for CSP nonce Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 10:06:32 +07:00
Ferdinand Thiessen	86f01a3358	fix: Make sure CSP nonce is not double base64 encoded Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 09:52:33 +07:00
Christopher Ng	8bbd326143	feat: Allow passing additional encode flags for json response Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-08-01 09:14:44 +07:00
Christopher Ng	b859260423	feat: Increase max depth of encoded json Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-08-01 09:14:44 +07:00
Alexander Piskun	b7af6ec200	feat: allow for ExApps to call Admin endpoints marked with specific attr Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2024-07-18 15:11:39 +07:00
skjnldsv	a65cdd1e70	fix: ARateLimit documentation Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-07-12 20:14:30 +07:00
provokateurin	355ef202e4	feat(OpenAPI): Add ex_app scope Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-02 09:12:48 +07:00
provokateurin	5aefdc399e	feat(AppFramework): Add ExAppRequired attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-01 14:41:20 +07:00
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-24 13:11:22 +07:00
provokateurin	db77eab677	fix(AppFramework): Fix error message about 204 not allowing custom headers Signed-off-by: provokateurin <kate@provokateurin.de>	2024-04-08 16:08:44 +07:00
Côme Chilliet	ec5133b739	fix: Apply new coding standard to all files Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-04-02 14:16:21 +07:00
Julius Härtl	78ba1b0712	fix: Allow nonce in csp header also if no other reasons are given Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-03-08 12:11:46 +07:00
provokateurin	df6175ccb1	feat(AppFramework): Add Route attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2024-02-21 12:07:50 +07:00
Joas Schilling	f6b6776c93	fix(API): Use a distinct exception so apps can react to it and customize the return Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-11-28 06:11:57 +07:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +07:00
Ferdinand Thiessen	ecf9f0a872	fix(CSP): Only add `strict-dynamic` when using nonces Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 22:01:02 +07:00
Ferdinand Thiessen	e231abd9bf	fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 14:42:36 +07:00
Ferdinand Thiessen	7df9eb3351	feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`. The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 11:12:57 +07:00
Joas Schilling	ffc1bb774b	feat(openapi): Add OpenAPI attribute to allow multiple scopes and overwriting tags Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-11-03 09:25:11 +07:00
Git'Fellow	066f6ef16c	Stop sending deprecated Pragma header Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-08-28 15:11:22 +07:00
Robin Appelman	ccf57e0715	add separate event for rendering login page template Signed-off-by: Robin Appelman <robin@icewind.nl>	2023-08-17 10:57:56 +07:00
Daniel Calviño Sánchez	41f2d912d2	Allow "wasm-unsafe-eval" in CSP If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive does not contain neither `wasm-unsafe-eval` nor `unsafe-eval` loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread). Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval` this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make possible to allow WebAssembly execution without allowing JavaScript `eval` this commit adds support for allowing `wasm-unsafe-eval`. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2023-08-10 02:38:41 +07:00
Joas Schilling	1b387bb341	fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-27 09:57:52 +07:00
jld3103	2d6a62ccee	Add IgnoreOpenAPI attribute Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-07-10 14:25:22 +07:00
Christoph Wurst	14719110b9	chore: Replace \OC::$server->query with \OCP\Server::get in /lib Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-07-06 15:21:22 +07:00
jld3103	b0001c6010	Add template types to responses Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-06-30 09:33:29 +07:00

1 2 3 4

194 Commits (jtr/fix-public-exceptions-http-codes)