summaryrefslogtreecommitdiffstats
path: root/.htaccess
Commit message (Collapse)AuthorAgeFilesLines
* always_populate_raw_post_data has been removed with PHP 7.0Lukas Reschke2016-03-151-1/+0
|
* Duplicate block for PHP 7Lukas Reschke2016-03-151-0/+12
|
* Allow jpg files to be statically servedStephan Köninger2016-03-101-1/+1
| | | When using an background image in themes of type JPG, the current setting of owncloud's htaccess file does not allow to deliver these kinds of images as static content. Adding the file extensions as done in this commit, it works flawlessly.
* Add base rewrite rule only when RewriteBase is definedLukas Reschke2016-03-091-1/+0
| | | | In case Apache is configured with an `Alias` such as with the ownCloud packages the rewrite rules will fail when no valid RewriteBase is configured.
* Exclude ocs-provider from rewrite ruleLukas Reschke2016-02-251-0/+1
| | | | | Otherwise `localhost/ocs-provider/` cannot be accessed if mod_rewrite is install ed. Only affects master.
* Merge pull request #18194 from RealRancor/proxy_fcgiThomas Müller2016-02-051-2/+5
|\ | | | | Add mod_proxy_fcgi to .htaccess
| * Add mod_proxy_fcgi and mod_fastcgi to .htaccessRealRancor2015-11-171-2/+5
| |
* | Do not rewrite updater requestsVictor Dubiniuk2016-01-281-0/+1
| |
* | Add X-Download-Options and X-Permitted-Cross-Domain-PoliciesLukas Reschke2016-01-121-0/+2
| | | | | | | | Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
* | Remove CSP stuff from .htaccessLukas Reschke2016-01-081-7/+0
| | | | | | :cry: Seems like Apache is inconsistent fun between versions. Let's remove it thus for now.
* | always check if the csp is emptyJörn Friedrich Dreyer2016-01-081-1/+1
| |
* | Use setifempty to please incompatible httpd versionsLukas Reschke2016-01-081-3/+6
| | | | | | | | Some httpd versions have problem with the old logic leading to resourced served with multiple headers.
* | Merge pull request #20966 from knox/masterThomas Müller2016-01-071-0/+2
|\ \ | | | | | | Do not rewrite letsencrypt .well-known URI
| * \ Merge branch 'master' into mastermbi2015-12-301-4/+0
| |\ \
| * | | Do not rewrite letsencrypt .well-known URImbi2015-12-081-0/+1
| | | |
| * | | Merge branch 'master' into mastermbi2015-12-081-0/+5
| |\ \ \
| * | | | Allow .well-known URI for letsencryptmbi2015-12-051-0/+1
| | | | | | | | | | | | | | | | | | | | See https://letsencrypt.readthedocs.org/en/latest/using.html#webroot
* | | | | Allow ico files to be served staticallyMorris Jobke2016-01-061-1/+1
| |_|/ / |/| | |
* | | | Merge pull request #20878 from ↵Thomas Müller2015-12-111-1/+0
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | owncloud/proper-htaccess-support-in-code-signing-checker Also run .htaccess routine when installing on another system than Apache
| * | | | Remove version check out of .htaccessLukas Reschke2015-12-081-1/+0
| | |/ / | |/| | | | | | | | | | This can now be achieved using the new code signing.
* / | | Add DirectorySlash to dynamic .htaccess writeLukas Reschke2015-12-081-3/+0
|/ / / | | | | | | | | | | | | | | | | | | | | | When `DirectorySlash off` is set then Apache will not lookup folders anymore. This is required for example when we use the rewrite directives on an existing path such as `/core/search`. By default Apache would load `/core/search/` instead `/core/search` so the redirect would fail here. This leads however to the problem that URLs such as `localhost/owncloud` would not load anymore while `localhost/owncloud/` would. This has caused problems such as https://github.com/owncloud/core/pull/21015 With this change we add the `DirectorySlash off` directive only when the `.htaccess` is writable to the dynamic part of it. This would also make `localhost/owncloud` work again as it would trigger the 404 directive which triggers the redirect in base.php.
* | | Allow .ico filesLukas Reschke2015-12-071-0/+1
| | | | | | | | | | | | Makes `/core/img/favicon.ico` accessible again via web.
* | | Add CSP header to static resourcesLukas Reschke2015-12-071-0/+4
|/ / | | | | | | Fixes https://github.com/owncloud/core/issues/16164
* | fix indentationMorris Jobke2015-12-021-4/+4
| |
* | Append PATH_INFO to ensure that file can be loaded on updateLukas Reschke2015-12-011-3/+2
| |
* | Disable MultiView + DirectorySlashLukas Reschke2015-12-011-1/+5
| | | | | | | | Required for routes that might otherwise collide with existing folders on the system
* | Set "SetEnv" within base `.htaccess` fileLukas Reschke2015-12-011-13/+12
| | | | | | | | mod_rewrite as used by the front controller may require a `RewriteBase` in case the installation is done using an alias. Since we cannot enforce a writable `.htaccess` file this will move the `front_controller_active` environment variable into the main .htaccess file. If administrators decide to have this one not writable they can still enable this feature by setting the `front_controller_active` environment variable within the Apache config.
* | Support pretty URLsLukas Reschke2015-12-011-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore. Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons. Examples: http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/ Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
* | Update .well-known redirects to the new dav endpointThomas Müller2015-11-181-2/+2
| | | | | | | | This reverts commit 68321efd29184fbc1bef409ec41f9b38501116ef.
* | Revert "Update .well-known redirects to the new dav endpoint"Thomas Müller2015-11-181-2/+2
| | | | | | | | This reverts commit d831c255ea726b8e8aaa0b3c1a8186808b82f73e.
* | Update .well-known redirects to the new dav endpointThomas Müller2015-11-181-2/+2
|/
* Remove legacy non-working rewrites in .htaccessRealRancor2015-10-151-2/+0
|
* Master is now 9.0.0 developmentJoas Schilling2015-10-141-1/+1
|
* Fix .htaccess: php_value should be integerRealRancor2015-09-291-1/+1
|
* properly indent .htaccessMorris Jobke2015-08-161-24/+24
|
* This will be 8.2 in the futureFrank Karlitschek2015-07-011-1/+1
|
* Merge pull request #15042 from wolfgangkarall/masterLukas Reschke2015-03-301-2/+2
|\ | | | | .htaccess RewriteRules: use permanent redirect for .well-known/(cal|card)dav, add 'L' flag
| * use permanent redirect for .well-known/(cal|card)dav, add 'L' flagWolfgang Karall2015-03-191-2/+2
| |
* | Add some generic default headers as well via PHPLukas Reschke2015-03-261-16/+21
|/
* Let users configure security headers in their WebserverLukas Reschke2015-03-021-0/+4
| | | | | | | | | | Doing this in the PHP code is not the right approach for multiple reasons: 1. A bug in the PHP code prevents them from being added to the response. 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud) 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations. This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
* Fix version revLukas Reschke2015-02-281-1/+1
|
* This is 8.0.1 nowFrank Karlitschek2015-02-281-1/+1
|
* Use "off" and "off" instead of true booleansLukas Reschke2015-02-231-1/+1
| | | | | | Apparently a boolean in php.ini is according to the documentation "on" or "off"… Fixes itself.
* Add expected values to default config as wellLukas Reschke2015-02-211-0/+1
|
* Setting default charset to UTF-8 in .htaccess and .user.iniFernando Rodriguez Sela2015-02-101-0/+1
|
* Reference module with `.c`Lukas Reschke2015-01-281-2/+2
| | | | Fixes https://github.com/owncloud/core/issues/13657
* Add check for `HTTP_RAW_POST_DATA` setting for >= 5.6Lukas Reschke2015-01-221-0/+1
| | | | | | PHP 5.6 otherwise throws notices for perfectly valid code which results in broken endpoints. Fixes https://github.com/owncloud/core/issues/13592
* Add version to .htaccessLukas Reschke2015-01-081-0/+1
| | | | | | | | | Currently if a user does not replace the .htaccess file with the new update this can lead to serious problems in case Apache is used as webserver. This commit adds the version to the .htaccess file and the update routine fails in case not the newest version is specified in there. This obviously means that every release has to update the version specified in .htaccess as well. But I see no better solution for it. Conflicts: lib/private/updater.php
* escape . in htaccess regex for CSS and JS HTTP headersMorris Jobke2015-01-051-1/+1
|
* blocked 3rdparty instead of l10nRobert Jäckel2014-11-271-1/+1
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-01 13:26:39 +0000