summaryrefslogtreecommitdiffstats
path: root/.htaccess
Commit message (Collapse)AuthorAgeFilesLines
* Make sure we properly ass well-known paths to index.phpJulius Härtl2020-12-291-2/+2
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add well known handlers APIChristoph Wurst2020-12-161-4/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix security header setting in .htaccess by adding 'onsuccess unset'zertrin2020-03-051-0/+17
| | | | | | | | | | | | | | | | | | | The headers might already be set by the system administrator at the http server level (apache or nginx) for some or all virtualhosts. Using "always set" in the .htaccess of Nextcloud leads to the situation where the headers might be set twice (once in the default 'onsuccess' table and once in the 'always' table)! Which leads to warnings in the admin area. Adding "onsuccess unset" solves the problem, and forces the header in the 'onsucess' table to be unset, and the header in the 'always' table to be set. NOTE: with this change, Nextcloud overrides whatever the system administrator might have already set See github issues #16893 #16476 #16938 #18017 and discussion in PR #19002 Signed-off-by: zertrin <zertrin@gmail.com>
* +nodeinfo public serviceMaxence Lange2019-08-291-0/+1
| | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* Remove duplicated spacesJ0WI2019-08-111-2/+2
| | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* Use "always" condition for security headersJ0WI2019-08-111-7/+7
| | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* Sort headersJ0WI2019-08-111-4/+4
| | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* Add X-Frame-Options header to .htaccessJ0WI2019-08-111-0/+1
| | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* Remove the upload and memory settingJoas Schilling2019-03-041-3/+0
| | | | | | | | | | * Remove unneeded private method phpFileSize() * Bump autoloader * Remove setUploadLimit tests * Remove integrity check hacks for upload limit Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Remove unused php5 config from .htaccessMorris Jobke2019-03-041-12/+0
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix loading of .woff2 files in .htaccessJulius Härtl2018-11-181-1/+1
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #11396 from nextcloud/wellknown-webfingerMorris Jobke2018-10-241-0/+1
|\ | | | | adding .well-known/webfinger
| * adding .well-known/webfingerMaxence Lange2018-10-101-0/+1
| | | | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | Add "Referrer-Policy" to htaccess file, addresses issue #11099Patrik Kernstock2018-10-111-0/+1
|/ | | | Signed-off-by: Patrik Kernstock <info@pkern.at>
* Merge pull request #7419 from Abijeet/feature-7175Morris Jobke2018-03-061-1/+1
|\ | | | | Fixes #7175 - Allow to search for email address in user management
| * Added newline to end of htaccess fileAbijeet2017-12-181-1/+1
| | | | | | | | Signed-off-by: Abijeet <abijeetpatro@gmail.com>
| * Adds search by email function on the users screen.Abijeet2017-12-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | Fixes #7175. - Updated the query to fetch the users in users > everyone tab. - Updated the query to fetch the users in users > admin tab. - Tested to ensure that the disabled users are also being fetched. - Added test cases. Signed-off-by: Abijeet <abijeetpatro@gmail.com>
* | Correct mistaken regex wildcard in .htaccessDan Callahan2018-02-281-1/+1
| | | | | | | | | | | | Fixes #8578 Signed-off-by: Dan Callahan <dan.callahan@gmail.com>
* | Handle SSL certificate verifications for others than Let's EncryptRobert Scheck2018-02-051-1/+1
|/ | | | | | | | | | | | | | | | | Do no longer (wrongly) rewrite URLs like * http://example.net/.well-known/pki-validation/file.txt (Comodo) * http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust) * http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign) * http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy) * http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign) for automated SSL certificate verifications. All (common commercial) certificate authorities (CA) except Let's Encrypt (via ACME) seem to use "pki-validation" rather "acme-challenge" for their domain control validation (DCV). Signed-off-by: Robert Scheck <robert@fedoraproject.org>
* Move X-Frame-Options into PHPLukas Reschke2017-03-261-1/+0
| | | | | | The public calendar view should be embeddable and we can't do that if the .htaccess sets a global X-Frame-Options. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Fix for Win Clients sometimes not connectingFlole9982017-02-031-0/+2
| | | Fix for Win Clients sometimes not connecting
* Cache js, css and woff files for a week (#26591)Jörn Friedrich Dreyer2016-11-141-2/+7
| | | | | | increases the cache duration for css and js files from 2 hours to half a year. Should they change the versionhash changes as well and a new file is fetched. Half a year should be long enough for oc updates. Also allows caching woff files for 7 days. Currently, there is no versionhash available, but pressing F5 will also refresh the woff files.
* Make sure memory limit is > post size and upload filesizeJoas Schilling2016-09-131-4/+4
|
* Also cache WOFF, SVG and GIFLukas Reschke2016-08-081-2/+2
|
* .htaccess update making two rules non-capturingMartin2016-06-031-2/+2
|
* Do not automatically try to enable index.php-less URLs (#24539)Lukas Reschke2016-05-121-17/+0
| | | | | | | | | | | | | | | | | The current logic for mod_rewrite relies on the fact that people have properly configured ownCloud, basically it reads from the `overwrite.cli.ur l` entry and then derives the `RewriteBase` from it. This usually works. However, since the ownCloud packages seem to install themselves at `/owncloud` (because subfolders are cool or so…) _a lot_ of people have just created a new Virtual Host for it or have simply symlinked the path etc. This means that `overwrite.cli.url` is wrong, which fails hard if it is used as RewriteBase since Apache does not know where it should serve files from. In the end the ownCloud instance will not be accessible anymore and users will be frustrated. Also some shared hosters like 1&1 (because using shared hosters is so awesome… ;-)) have somewhat dubious Apache configurations or use versions of mod_rewrite from the mediveal age. (because updating is money or so…) Anyhow. This makes this explicitly an opt-in configuration flag. If `htaccess.RewriteBase` is set then it will configure index.php-less URLs, if admins set that after installation and don't want to wait until the next ownCloud version they can run `occ maintenance:update:htaccess`. For ownCloud 9.0 we also have to add a repair step to make sure that instances that already have a RewriteBase configured continue to use it by copying it into the config file. That way all existing URLs stay valid. That one is not in this PR since this is unneccessary in master. Effectively this reduces another risk of breakage when updating from ownCloud 8 to ownCloud 9. Fixes https://github.com/owncloud/core/issues/24525, https://github.com/owncloud/core/issues/24426 and probably some more.
* Use raw PATH_INFOLukas Reschke2016-03-171-2/+2
| | | | | | PATH_INFO will be empty at this point and thus the logic in base.php did not catch this. Changing this to "getRawPathInfo" will ensure that the path info is properly read. Fixes https://github.com/owncloud/core/issues/23199
* always_populate_raw_post_data has been removed with PHP 7.0Lukas Reschke2016-03-151-1/+0
|
* Duplicate block for PHP 7Lukas Reschke2016-03-151-0/+12
|
* Allow jpg files to be statically servedStephan Köninger2016-03-101-1/+1
| | | When using an background image in themes of type JPG, the current setting of owncloud's htaccess file does not allow to deliver these kinds of images as static content. Adding the file extensions as done in this commit, it works flawlessly.
* Add base rewrite rule only when RewriteBase is definedLukas Reschke2016-03-091-1/+0
| | | | In case Apache is configured with an `Alias` such as with the ownCloud packages the rewrite rules will fail when no valid RewriteBase is configured.
* Exclude ocs-provider from rewrite ruleLukas Reschke2016-02-251-0/+1
| | | | | Otherwise `localhost/ocs-provider/` cannot be accessed if mod_rewrite is install ed. Only affects master.
* Merge pull request #18194 from RealRancor/proxy_fcgiThomas Müller2016-02-051-2/+5
|\ | | | | Add mod_proxy_fcgi to .htaccess
| * Add mod_proxy_fcgi and mod_fastcgi to .htaccessRealRancor2015-11-171-2/+5
| |
* | Do not rewrite updater requestsVictor Dubiniuk2016-01-281-0/+1
| |
* | Add X-Download-Options and X-Permitted-Cross-Domain-PoliciesLukas Reschke2016-01-121-0/+2
| | | | | | | | Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
* | Remove CSP stuff from .htaccessLukas Reschke2016-01-081-7/+0
| | | | | | :cry: Seems like Apache is inconsistent fun between versions. Let's remove it thus for now.
* | always check if the csp is emptyJörn Friedrich Dreyer2016-01-081-1/+1
| |
* | Use setifempty to please incompatible httpd versionsLukas Reschke2016-01-081-3/+6
| | | | | | | | Some httpd versions have problem with the old logic leading to resourced served with multiple headers.
* | Merge pull request #20966 from knox/masterThomas Müller2016-01-071-0/+2
|\ \ | | | | | | Do not rewrite letsencrypt .well-known URI
| * \ Merge branch 'master' into mastermbi2015-12-301-4/+0
| |\ \
| * | | Do not rewrite letsencrypt .well-known URImbi2015-12-081-0/+1
| | | |
| * | | Merge branch 'master' into mastermbi2015-12-081-0/+5
| |\ \ \
| * | | | Allow .well-known URI for letsencryptmbi2015-12-051-0/+1
| | | | | | | | | | | | | | | | | | | | See https://letsencrypt.readthedocs.org/en/latest/using.html#webroot
* | | | | Allow ico files to be served staticallyMorris Jobke2016-01-061-1/+1
| |_|/ / |/| | |
* | | | Merge pull request #20878 from ↵Thomas Müller2015-12-111-1/+0
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | owncloud/proper-htaccess-support-in-code-signing-checker Also run .htaccess routine when installing on another system than Apache
| * | | | Remove version check out of .htaccessLukas Reschke2015-12-081-1/+0
| | |/ / | |/| | | | | | | | | | This can now be achieved using the new code signing.
* / | | Add DirectorySlash to dynamic .htaccess writeLukas Reschke2015-12-081-3/+0
|/ / / | | | | | | | | | | | | | | | | | | | | | When `DirectorySlash off` is set then Apache will not lookup folders anymore. This is required for example when we use the rewrite directives on an existing path such as `/core/search`. By default Apache would load `/core/search/` instead `/core/search` so the redirect would fail here. This leads however to the problem that URLs such as `localhost/owncloud` would not load anymore while `localhost/owncloud/` would. This has caused problems such as https://github.com/owncloud/core/pull/21015 With this change we add the `DirectorySlash off` directive only when the `.htaccess` is writable to the dynamic part of it. This would also make `localhost/owncloud` work again as it would trigger the 404 directive which triggers the redirect in base.php.
* | | Allow .ico filesLukas Reschke2015-12-071-0/+1
| | | | | | | | | | | | Makes `/core/img/favicon.ico` accessible again via web.
* | | Add CSP header to static resourcesLukas Reschke2015-12-071-0/+4
|/ / | | | | | | Fixes https://github.com/owncloud/core/issues/16164
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 08:26:38 +0000