nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	9ed3ab7d87	test(request): Add tests to strip the port when forwarding requests Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-02-13 16:51:13 +07:00
Arthur Schiwon	216b95f8b1	test(unit): fix RequestTest Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-01-27 15:11:26 +07:00
Joas Schilling	f6b6776c93	fix(API): Use a distinct exception so apps can react to it and customize the return Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-11-28 06:11:57 +07:00
Arthur Schiwon	3fa43a529b	enh(dispatcher): enforce psalm ranges in the http dispatcher - allows devs to provide int ranges for API arguments Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2023-11-24 12:46:38 +07:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +07:00
Ferdinand Thiessen	ecf9f0a872	fix(CSP): Only add `strict-dynamic` when using nonces Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 22:01:02 +07:00
Ferdinand Thiessen	e231abd9bf	fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 14:42:36 +07:00
Ferdinand Thiessen	7df9eb3351	feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`. The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 11:12:57 +07:00
Joas Schilling	2fa78f6245	Reverse X-Forwarded-For list to read the correct proxy remote address Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-11-16 07:45:19 +07:00
Git'Fellow	066f6ef16c	Stop sending deprecated Pragma header Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-08-28 15:11:22 +07:00
Daniel Calviño Sánchez	41f2d912d2	Allow "wasm-unsafe-eval" in CSP If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive does not contain neither `wasm-unsafe-eval` nor `unsafe-eval` loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread). Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval` this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make possible to allow WebAssembly execution without allowing JavaScript `eval` this commit adds support for allowing `wasm-unsafe-eval`. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2023-08-10 02:38:41 +07:00
Joas Schilling	2c6f32cb28	feat(request): Allow to match the client version with the IRequest::USER_AGENT_* regex Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-11 07:35:50 +07:00
jld3103	b0001c6010	Add template types to responses Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-06-30 09:33:29 +07:00
Christoph Wurst	08a3f37695	chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-06-12 10:03:59 +07:00
Côme Chilliet	8d5165e8dc	Adapt tests to config value typing Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-04-05 17:42:14 +07:00
MichaIng	5f90b8eb11	Change X-Robots-Tag header from "none" to "noindex, nofollow" While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240 Signed-off-by: MichaIng <micha@dietpi.com>	2023-02-15 20:16:51 +07:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +07:00
Christoph Wurst	20fcfb5739	feat(app framework)!: Inject services into controller methods Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 14:00:38 +07:00
Stanimir Bozhilov	7dcd6eb561	Merge branch 'master' into add-scim-json-support Signed-off-by: Stanimir Bozhilov <stanimir.bozhilov.1998@gmail.com>	2022-12-19 09:07:38 +07:00
Vincent Petry	ae6fe874ed	Merge pull request #35780 from nextcloud/fix/http-dispatcher-double-parameter-cast Fix missing cast of double controller parameters	2022-12-16 16:18:35 +07:00
Christoph Wurst	b6dd1a1d7b	fix(app framework): Fix missing cast of double controller parameters ``settype`` allows 'double' as alias of 'float'. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2022-12-15 09:33:52 +07:00
Artur Neumann	81f2857f34	check if params given to API are really an array Signed-off-by: Artur Neumann <artur@jankaritech.com>	2022-12-15 13:45:22 +07:00
Côme Chilliet	68363f6944	Fix some more problems with tests under PHP 8.2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-11-15 16:02:24 +07:00
Stanimir Bozhilov	46c10c77e1	Fix the JSON content type regex to match all MIME types Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>	2022-09-26 11:51:44 +07:00
Stanimir Bozhilov	f7d51a39cf	Add unit tests for application/scim+json content type Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>	2022-09-20 16:19:05 +07:00
Simon Leiner	09362eaeaa	Support specifying IPv6 proxies in CIDR notation Previously, it was not possible to use CIDR notation for IPv6 proxies in the trusted_proxies parameter of config.php [1]. This patch adds support for that. [1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies Signed-off-by: Simon Leiner <simon@leiner.me>	2022-08-02 17:36:47 +07:00
Côme Chilliet	1bd5222224	Fix PHP 8.2 warnings about undeclared properties Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-06-21 16:17:52 +07:00
Côme Chilliet	c7e1c36362	Remove at matcher uses in tests/lib Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-06-16 17:43:17 +07:00
Julius Härtl	3901a93c72	Use JSON_THROW_ON_ERROR instead of custom error handling Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-05-30 19:17:49 +07:00
Joas Schilling	0acd4b5f82	Merge pull request #31235 from nextcloud/techdebt/noid/extract-request-id Extract request id handling to dedicated class so it can be injected without DB dependency	2022-03-22 12:08:45 +07:00
Julius Härtl	bd03dd37be	Allow to set a strict-dynamic CSP through the API Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-03-09 15:10:27 +07:00
Julius Härtl	2dd96fe8da	Fix tests Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-02-28 11:24:41 +07:00
Joas Schilling	cc6653e45c	Adjust and add unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-02-23 11:01:58 +07:00
Robin Appelman	c712987878	send request id in response header Signed-off-by: Robin Appelman <robin@icewind.nl>	2022-02-01 14:24:01 +07:00
Carl Schwan	6312c0df69	Check style update Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-01-13 00:19:07 +07:00
Côme Chilliet	3a1b3745eb	Fix DateTime constructor calls with null Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2021-11-23 09:28:58 +07:00
Lukas Reschke	377514aad1	Escape filename in Content-Disposition We should escape all occurences of ' and \ in here. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-06-02 19:22:17 +07:00
Roeland Jago Douma	9163790b7c	Set frame-ancestors to none if none are filled frame-ancestors doesn't fall back to default-src. So when we apply a very restricted CSP we should make sure to set it to 'none' and not leave it empty. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-11-18 10:13:36 +07:00
Roeland Jago Douma	fa6a790859	Remove deprecated OCSResponse Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-11-01 14:12:27 +07:00
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-10-05 20:25:24 +07:00
Joas Schilling	95a301ea57	Fix tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-10-02 10:37:18 +07:00
Morris Jobke	234b510652	Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-08-12 13:55:19 +07:00
Morris Jobke	0123cd0ae3	Use assertStringContainsString instead of assertContains on strings Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-07-23 17:11:29 +07:00
Joas Schilling	74a9cadc50	Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-07-02 11:13:13 +07:00
Joas Schilling	b7060be18d	Fix robots "noindex, nofollow" signals Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-06-25 08:29:43 +07:00
blizzz	859941db32	Merge pull request #21479 from nextcloud/fix/21474/allow_specifying_cookie_type Allow to specify the cookie type for appframework responses	2020-06-22 13:00:12 +07:00
Roeland Jago Douma	fbf9772a3e	Allow to specify the cookie type for appframework responses In general it is good to set them to Lax. But also to give devs more control over them is not a bad thing. Helps with #21474 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-06-22 08:38:44 +07:00
Roeland Jago Douma	c006b5ff2a	Fix unit test of the ResponseTest Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-06-21 09:44:56 +07:00
Roeland Jago Douma	7c15c63b05	Merge pull request #20939 from nextcloud/enh/middleware/not_modified Move not modified check to the middleware	2020-05-13 09:04:56 +07:00
Roeland Jago Douma	12fa748c49	Move the notmodified check to middleware where it belongs Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-05-13 08:11:24 +07:00

1 2 3

111 Commits (cfaaff140ef1c6ba5fa385cffaa595fa79bc1efd)