| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Non-cache-busted assets such as /dist/core-main.js also matched the
regex meant for cache-busted assets (note the ? at the end of the
regex).
The FilesMatch directive for cache-busted assets coming after the
non-cache-busted version all assets actually got the immutable flag
in their Cache-Control header. This caused client-side errors on
updates.
Query strings are not actually passed to FilesMatch directives so we
need another way to tell cache-busted/versionned assets apart from
non-versioned assets, here using If/Else directives.
Signed-off-by: Nicolas Guichard <nicolas@guichard.eu>
|
|
|
|
|
|
|
|
|
|
| |
While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names
https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list
https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240
Signed-off-by: MichaIng <micha@dietpi.com>
|
|
|
|
|
|
| |
X-UA-Compatible and X-Download-Options headers are interpreted or relevant for Internet Explorer only. With the deprecation of Internet Explorer support in Nextcloud 20 and planned support removal already in Nextcloud 22, these became obsolete and are hereby removed, including their removal from setup checks.
Signed-off-by: MichaIng <micha@dietpi.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Cache css with version in url. This makes most js and css requests to
be cached by the browser
* Force caching previews, the etag is in the url so that if the propfind
gives a new etag, we will refresh it otherwise it's no use to try to
fetch the new etag and do tons of DB queries
Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Talk 13 (and thus Nextcloud 23) WebAssembly (.wasm) and TensorFlow
Lite (.tflite) files need to be loaded from the web server to provide
certain features (like the background blur in the WebUI).
Those files can be treated in a similar way to other static resources,
and there should not be any problem caching or compressing them.
However, as compressed TensorFlow Lite files are only ~12% smaller,
the compression directive depends on the MIME type and there is no
standard MIME type for TensorFlow Lite files it is not worth to compress
them.
Moreover, no directives to compress WebAssembly files were added either,
as it seems that they would override any other compression directives
set in the default server configuration; for reference it could be done
with something like:
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/wasm
</IfModule>
</IfModule>
Depending on the setup "application/wasm" may not be associated with
".wasm" files, so the directive was added just in case, as otherwise
browsers log a warning.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |
|
|
|
|
|
| |
- Add `mod_lsapi` (Cloudlinux) authorization headers
- Add `mod_php8` php_values
- Reformating for better lisibilty
|
|
|
| |
Fix #26851
|
|
|
|
| |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The headers might already be set by the system administrator at the http server
level (apache or nginx) for some or all virtualhosts.
Using "always set" in the .htaccess of Nextcloud leads to the situation where
the headers might be set twice (once in the default 'onsuccess' table and once
in the 'always' table)! Which leads to warnings in the admin area.
Adding "onsuccess unset" solves the problem, and forces the header in
the 'onsucess' table to be unset, and the header in the 'always' table to be set.
NOTE: with this change, Nextcloud overrides whatever the system administrator
might have already set
See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002
Signed-off-by: zertrin <zertrin@gmail.com>
|
|
|
| |
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
|
|
|
|
| |
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
|
|
|
| |
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
|
|
|
| |
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
|
|
|
| |
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
| |
* Remove unneeded private method phpFileSize()
* Bump autoloader
* Remove setUploadLimit tests
* Remove integrity check hacks for upload limit
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|
|
|
| |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|\
| |
| | |
adding .well-known/webfinger
|
| |
| |
| | |
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
|
|/
|
|
| |
Signed-off-by: Patrik Kernstock <info@pkern.at>
|
|\
| |
| | |
Fixes #7175 - Allow to search for email address in user management
|
| |
| |
| |
| | |
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes #7175.
- Updated the query to fetch the users in users > everyone tab.
- Updated the query to fetch the users in users > admin tab.
- Tested to ensure that the disabled users are also being fetched.
- Added test cases.
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Fixes #8578
Signed-off-by: Dan Callahan <dan.callahan@gmail.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do no longer (wrongly) rewrite URLs like
* http://example.net/.well-known/pki-validation/file.txt (Comodo)
* http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust)
* http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign)
* http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy)
* http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign)
for automated SSL certificate verifications. All (common commercial)
certificate authorities (CA) except Let's Encrypt (via ACME) seem to
use "pki-validation" rather "acme-challenge" for their domain control
validation (DCV).
Signed-off-by: Robert Scheck <robert@fedoraproject.org>
|
|
|
|
|
|
| |
The public calendar view should be embeddable and we can't do that if the .htaccess sets a global X-Frame-Options.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
|
|
| |
Fix for Win Clients sometimes not connecting
|
|
|
|
|
|
| |
increases the cache duration for css and js files from 2 hours to half a year. Should they change the versionhash changes as well and a new file is fetched. Half a year should be long enough for oc updates.
Also allows caching woff files for 7 days. Currently, there is no versionhash available, but pressing F5 will also refresh the woff files.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current logic for mod_rewrite relies on the fact that people have properly configured ownCloud, basically it reads from the `overwrite.cli.ur
l` entry and then derives the `RewriteBase` from it.
This usually works. However, since the ownCloud packages seem to install themselves at `/owncloud` (because subfolders are cool or so…) _a lot_ of people have just created a new Virtual Host for it or have simply symlinked the path etc.
This means that `overwrite.cli.url` is wrong, which fails hard if it is used as RewriteBase since Apache does not know where it should serve files from. In the end the ownCloud instance will not be accessible anymore and users will be frustrated. Also some shared hosters like 1&1 (because using shared hosters is so awesome… ;-)) have somewhat dubious Apache configurations or use versions of mod_rewrite from the mediveal age. (because updating is money or so…)
Anyhow. This makes this explicitly an opt-in configuration flag. If `htaccess.RewriteBase` is set then it will configure index.php-less URLs, if
admins set that after installation and don't want to wait until the next ownCloud version they can run `occ maintenance:update:htaccess`.
For ownCloud 9.0 we also have to add a repair step to make sure that instances that already have a RewriteBase configured continue to use it by copying it into the config file. That way all existing URLs stay valid. That one is not in this PR since this is unneccessary in master.
Effectively this reduces another risk of breakage when updating from ownCloud 8 to ownCloud 9.
Fixes https://github.com/owncloud/core/issues/24525, https://github.com/owncloud/core/issues/24426 and probably some more.
|
|
|
|
|
|
| |
PATH_INFO will be empty at this point and thus the logic in base.php did not catch this. Changing this to "getRawPathInfo" will ensure that the path info is properly read.
Fixes https://github.com/owncloud/core/issues/23199
|
| |
|
| |
|
|
|
| |
When using an background image in themes of type JPG, the current setting of owncloud's htaccess file does not allow to deliver these kinds of images as static content. Adding the file extensions as done in this commit, it works flawlessly.
|
|
|
|
| |
In case Apache is configured with an `Alias` such as with the ownCloud packages the rewrite rules will fail when no valid RewriteBase is configured.
|
|
|
|
|
| |
Otherwise `localhost/ocs-provider/` cannot be accessed if mod_rewrite is install
ed. Only affects master.
|
|\
| |
| | |
Add mod_proxy_fcgi to .htaccess
|
| | |
|
| | |
|
| |
| |
| |
| | |
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
|
| |
| |
| | |
:cry: Seems like Apache is inconsistent fun between versions. Let's remove it thus for now.
|
| | |
|
| |
| |
| |
| | |
Some httpd versions have problem with the old logic leading to resourced served with multiple headers.
|
|\ \
| | |
| | | |
Do not rewrite letsencrypt .well-known URI
|
| |\ \ |
|
| | | | |
|