authorMorris Jobke <hey@morrisjobke.de>2015-03-04 09:36:01 +0100
committerMorris Jobke <hey@morrisjobke.de>2015-03-04 09:36:01 +0100
commitf1d74e8803efc2d642dd37751eff928ec42b8ec6 (patch)
tree698fe18880f63be71b54ea9f5b2ae64b64377db8 /settings
parent84785a6a390733fead61af5856c56dbc9ad19cd9 (diff)
parentb4cfc79b5a09ea53c8a76082e1d0bf85abf0e579 (diff)
Merge pull request #14651 from owncloud/add-some-headers-to-htaccess-for-my-best-friend-jenkins
Let users configure security headers in their Webserver
Diffstat (limited to 'settings')
-rw-r--r--settings/admin.php5
-rw-r--r--settings/controller/securitysettingscontroller.php37
-rw-r--r--settings/js/admin.js33
-rw-r--r--settings/routes.php2
-rw-r--r--settings/templates/admin.php59
5 files changed, 4 insertions, 132 deletions
diff --git a/settings/admin.php b/settings/admin.php
index 95940db7282..da25ab55a93 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -58,11 +58,6 @@ $excludedGroupsList = $appConfig->getValue('core', 'shareapi_exclude_groups_list
$excludedGroupsList = explode(',', $excludedGroupsList); // FIXME: this should be JSON!
$template->assign('shareExcludedGroupsList', implode('|', $excludedGroupsList));
-// Check if connected using HTTPS
-$template->assign('isConnectedViaHTTPS', $request->getServerProtocol() === 'https');
-$template->assign('enforceHTTPSEnabled', $config->getSystemValue('forcessl', false));
-$template->assign('forceSSLforSubdomainsEnabled', $config->getSystemValue('forceSSLforSubdomains', false));
-
// If the current web root is non-empty but the web root from the config is,
// and system cron is used, the URL generator fails to build valid URLs.
$shouldSuggestOverwriteCliUrl = $config->getAppValue('core', 'backgroundjobs_mode', 'ajax') === 'cron' &&
diff --git a/settings/controller/securitysettingscontroller.php b/settings/controller/securitysettingscontroller.php
index af60df8dc3b..50e70ebb70e 100644
--- a/settings/controller/securitysettingscontroller.php
+++ b/settings/controller/securitysettingscontroller.php
@@ -43,43 +43,6 @@ class SecuritySettingsController extends Controller {
}
/**
- * @return array
- */
- protected function returnError() {
- return array(
- 'status' => 'error'
- );
- }
-
- /**
- * Enforce or disable the enforcement of SSL
- * @param boolean $enforceHTTPS Whether SSL should be enforced
- * @return array
- */
- public function enforceSSL($enforceHTTPS = false) {
- if(!is_bool($enforceHTTPS)) {
- return $this->returnError();
- }
- $this->config->setSystemValue('forcessl', $enforceHTTPS);
-
- return $this->returnSuccess();
- }
-
- /**
- * Enforce or disable the enforcement for SSL on subdomains
- * @param bool $forceSSLforSubdomains Whether SSL on subdomains should be enforced
- * @return array
- */
- public function enforceSSLForSubdomains($forceSSLforSubdomains = false) {
- if(!is_bool($forceSSLforSubdomains)) {
- return $this->returnError();
- }
- $this->config->setSystemValue('forceSSLforSubdomains', $forceSSLforSubdomains);
-
- return $this->returnSuccess();
- }
-
- /**
* Add a new trusted domain
* @param string $newTrustedDomain The newly to add trusted domain
* @return array
diff --git a/settings/js/admin.js b/settings/js/admin.js
index 34bc2466048..9fe4226827c 100644
--- a/settings/js/admin.js
+++ b/settings/js/admin.js
@@ -75,32 +75,6 @@ $(document).ready(function(){
$('#setDefaultExpireDate').toggleClass('hidden', !(this.checked && $('#shareapiDefaultExpireDate')[0].checked));
});
- $('#forcessl').change(function(){
- $(this).val(($(this).val() !== 'true'));
- var forceSSLForSubdomain = $('#forceSSLforSubdomainsSpan');
-
- $.post(OC.generateUrl('settings/admin/security/ssl'), {
- enforceHTTPS: $(this).val()
- },function(){} );
-
- if($(this).val() === 'true') {
- forceSSLForSubdomain.prop('disabled', false);
- forceSSLForSubdomain.removeClass('hidden');
- } else {
- forceSSLForSubdomain.prop('disabled', true);
- forceSSLForSubdomain.addClass('hidden');
- }
- });
-
- $('#forceSSLforSubdomains').change(function(){
- $(this).val(($(this).val() !== 'true'));
-
- $.post(OC.generateUrl('settings/admin/security/ssl/subdomains'), {
- forceSSLforSubdomains: $(this).val()
- },function(){} );
- });
-
-
$('#mail_smtpauth').change(function() {
if (!this.checked) {
$('#mail_credentials').addClass('hidden');
@@ -158,9 +132,10 @@ $(document).ready(function(){
// run setup checks then gather error messages
$.when(
OC.SetupChecks.checkWebDAV(),
- OC.SetupChecks.checkSetup()
- ).then(function(check1, check2) {
- var errors = [].concat(check1, check2);
+ OC.SetupChecks.checkSetup(),
+ OC.SetupChecks.checkGeneric()
+ ).then(function(check1, check2, check3) {
+ var errors = [].concat(check1, check2, check3);
var $el = $('#postsetupchecks');
var $errorsEl;
$el.find('.loading').addClass('hidden');
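Review bot: The three checks are joined with `$.when(...)`, so a single rejected deferred would skip the success callback passed to `.then` and leave `.loading` visible with no warnings rendered. No failure handler is visible in this hunk, though the call continues past it. This matters more after this commit, because the template's own HTTP warning is removed in `settings/templates/admin.php` and these client-side checks are presumably the only place an admin is told about missing transport security. Consider passing a second callback to `.then` that hides the spinner and states that the setup checks could not be completed. A comment above the call would also help, such as `// checkGeneric(): presumably reports the security headers that now have to be set in the web server config`, since its implementation is outside this diff.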
diff --git a/settings/routes.php b/settings/routes.php
index 942d9b0fb28..ea49cc24eb7 100644
--- a/settings/routes.php
+++ b/settings/routes.php
@@ -20,8 +20,6 @@ $application->registerRoutes($this, array(
array('name' => 'MailSettings#sendTestMail', 'url' => '/settings/admin/mailtest', 'verb' => 'POST'),
array('name' => 'AppSettings#listCategories', 'url' => '/settings/apps/categories', 'verb' => 'GET'),
array('name' => 'AppSettings#listApps', 'url' => '/settings/apps/list', 'verb' => 'GET'),
- array('name' => 'SecuritySettings#enforceSSL', 'url' => '/settings/admin/security/ssl', 'verb' => 'POST'),
- array('name' => 'SecuritySettings#enforceSSLForSubdomains', 'url' => '/settings/admin/security/ssl/subdomains', 'verb' => 'POST'),
array('name' => 'SecuritySettings#trustedDomains', 'url' => '/settings/admin/security/trustedDomains', 'verb' => 'POST'),
array('name' => 'Users#setMailAddress', 'url' => '/settings/users/{id}/mailAddress', 'verb' => 'PUT'),
array('name' => 'LogSettings#setLogLevel', 'url' => '/settings/admin/log/level', 'verb' => 'POST'),
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 1608aa8123b..b6326108bf6 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -66,20 +66,6 @@ if ($_['mail_smtpmode'] == 'qmail') {
<div id="security-warning">
<?php
-// is ssl working ?
-if (!$_['isConnectedViaHTTPS']) {
- ?>
-<div class="section">
- <h2><?php p($l->t('Security Warning'));?></h2>
-
- <span class="securitywarning">
- <?php p($l->t('You are accessing %s via HTTP. We strongly suggest you configure your server to require using HTTPS instead.', $theme->getTitle())); ?>
- </span>
-
-</div>
-<?php
-}
-
// is read only config enabled
if ($_['readOnlyConfigEnabled']) {
?>
@@ -370,51 +356,6 @@ if ($_['cronErrors']) {
</p>
</div>
-<div class="section" id="security">
- <h2><?php p($l->t('Security'));?></h2>
- <p>
- <input type="checkbox" name="forcessl" id="forcessl"
- <?php if ($_['enforceHTTPSEnabled']) {
- print_unescaped('checked="checked" ');
- print_unescaped('value="true"');
- } else {
- print_unescaped('value="false"');
- }
- ?>
- <?php if (!$_['isConnectedViaHTTPS']) p('disabled'); ?> />
- <label for="forcessl"><?php p($l->t('Enforce HTTPS'));?></label><br/>
- <em><?php p($l->t(
- 'Forces the clients to connect to %s via an encrypted connection.',
- $theme->getName()
- )); ?></em><br/>
- <span id="forceSSLforSubdomainsSpan" <?php if(!$_['enforceHTTPSEnabled']) { print_unescaped('class="hidden"'); } ?>>
- <input type="checkbox" name="forceSSLforSubdomains" id="forceSSLforSubdomains"
- <?php if ($_['forceSSLforSubdomainsEnabled']) {
- print_unescaped('checked="checked" ');
- print_unescaped('value="true"');
- } else {
- print_unescaped('value="false"');
- }
- ?>
- <?php if (!$_['isConnectedViaHTTPS']) { p('disabled'); } ?> />
- <label for="forceSSLforSubdomains"><?php p($l->t('Enforce HTTPS for subdomains'));?></label><br/>
- <em><?php p($l->t(
- 'Forces the clients to connect to %s and subdomains via an encrypted connection.',
- $theme->getName()
- )); ?></em>
- </span>
- <?php if (!$_['isConnectedViaHTTPS']) {
- print_unescaped("<br/><em>");
- p($l->t(
- 'Please connect to your %s via HTTPS to enable or disable the SSL enforcement.',
- $theme->getName()
- ));
- print_unescaped("</em>");
- }
- ?>
- </p>
-</div>
-
<div class="section">
<form id="mail_general_settings" class="mail_settings">
<h2><?php p($l->t('Email Server'));?></h2>