summaryrefslogtreecommitdiffstats
path: root/core/js/setupchecks.js
diff options
context:
space:
mode:
Diffstat (limited to 'core/js/setupchecks.js')
-rw-r--r--core/js/setupchecks.js11
1 files changed, 4 insertions, 7 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 794bf36a8ff..33ba31f049f 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -40,6 +40,7 @@
'<d:propfind xmlns:d="DAV:">' +
'<d:prop><d:resourcetype/></d:prop>' +
'</d:propfind>',
+ contentType: 'application/xml; charset=utf-8',
complete: afterCall,
allowAuthErrors: true
});
@@ -572,12 +573,8 @@
});
}
- if (!xhr.getResponseHeader('Referrer-Policy') ||
- (xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'no-referrer' &&
- xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'no-referrer-when-downgrade' &&
- xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'strict-origin' &&
- xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'strict-origin-when-cross-origin' &&
- xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'same-origin')) {
+ const referrerPolicy = xhr.getResponseHeader('Referrer-Policy')
+ if (referrerPolicy === null || !/(no-referrer(-when-downgrade)?|strict-origin(-when-cross-origin)?|same-origin)(,|$)/.test(referrerPolicy)) {
messages.push({
msg: t('core', 'The "{header}" HTTP header is not set to "{val1}", "{val2}", "{val3}", "{val4}" or "{val5}". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" href="{link}">W3C Recommendation ↗</a>.',
{
@@ -590,7 +587,7 @@
link: 'https://www.w3.org/TR/referrer-policy/'
}),
type: OC.SetupChecks.MESSAGE_TYPE_INFO
- });
+ })
}
} else {
messages.push({
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-02 08:07:22 +0000