path: root/lib/private/AppFramework/Middleware/Security
Commit message | Author | Age | Files | Lines
* fix(l10n): Improve english source strings | Joas Schilling | 2025-02-26 | 1 | -3/+3
* fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist [bugfix/noid/allow-ratelimit-bypass] | Joas Schilling | 2025-01-27 | 1 | -0/+9
* feat: Use inline password confirmation in external storage settings | Louis Chemineau | 2024-11-28 | 1 | -66/+57
* fix(Middleware): log deprecation when annotation was actually used [fix/noid/deprecation-correct-case] | Arthur Schiwon | 2024-11-12 | 1 | -1/+1
* chore(deps): Update nextcloud/coding-standard to v1.3.1 | provokateurin | 2024-09-19 | 2 | -3/+5
* chore: fix typo in `SameSiteCookieMiddleware` | Ferdinand Thiessen | 2024-08-31 | 1 | -4/+4
* chore: Remove unused `CsrfTokenManager` from `CSPMiddleware` | Ferdinand Thiessen | 2024-08-31 | 1 | -16/+7
* style: update codestyle for coding-standard 1.2.3 | Daniel Kesselberg | 2024-08-25 | 3 | -4/+4
* perf: delay getting (sub)admin status for user in the security middleware unt... | Robin Appelman | 2024-08-23 | 1 | -7/+28
* fix: Use `CSP_NONCE` env variable in ContentSecurity Header | Holger Hees | 2024-08-13 | 1 | -1/+1
* feat(security): Add public API to allow validating IP Ranges and checking for... | Joas Schilling | 2024-07-19 | 1 | -5/+5
* feat(security): restrict admin actions to IP ranges | Benjamin Gaussorgues | 2024-07-19 | 2 | -53/+53
* chore: use "app_api" session key, "app_api_system" is deprecated | Andrey Borysenko | 2024-07-18 | 1 | -2/+3
* feat: allow for ExApps to call Admin endpoints marked with specific attr | Alexander Piskun | 2024-07-18 | 1 | -6/+15
* feat(Security): Warn about using annotations instead of attributes | provokateurin | 2024-07-18 | 3 | -1/+9
* feat(AppFramework): Add ExAppRequired attribute | provokateurin | 2024-07-01 | 2 | -1/+27
* refactor(Token): introduce scope constants | Arthur Schiwon | 2024-06-05 | 1 | -1/+2
* fix(Session): avoid password confirmation on SSO | Arthur Schiwon | 2024-06-05 | 1 | -2/+24
* chore: Add SPDX header | Andy Scherzinger | 2024-05-24 | 18 | -381/+46
* fix: add check for app_api_system session flag to bypass rate limit | Florian Klinger | 2024-03-18 | 1 | -0/+7
* feat: rename users to account or person | Vincent Petry | 2024-02-13 | 1 | -3/+3
* chore: apply changes from Nextcloud coding standards 1.1.1 | Joas Schilling | 2023-11-23 | 5 | -21/+21
* fixed Drone test | Alexander Piskun | 2023-10-06 | 1 | -1/+2
* added CORS skip if session was created by AppAPI | Alexander Piskun | 2023-10-02 | 1 | -0/+4
* feat(appframework): Expose programmatic rate limiter | Christoph Wurst | 2023-09-20 | 1 | -0/+3
* techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 | Joas Schilling | 2023-08-28 | 2 | -11/+5
* fix(middleware): Fix header injection for bruteforce middleware | Joas Schilling | 2023-08-22 | 1 | -5/+1
* feat: Add a header which signals that the request was throttled | Joas Schilling | 2023-08-21 | 1 | -4/+14
* Rewrite OCS CSRF check to be readable | jld3103 | 2023-08-16 | 1 | -7/+15
* Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private | Robin Appelman | 2023-06-01 | 1 | -1/+1
|\
| * Refactors "strpos" calls in lib/private to improve code readability. | Faraz Samapoor | 2023-05-15 | 1 | -1/+1
* | fix(middleware): Also abort the request when reaching max delay in afterContr... | Joas Schilling | 2023-05-15 | 1 | -22/+30
|/
* feat(security): Add PHP \Attribute for remaining security annotations | Joas Schilling | 2023-04-25 | 4 | -27/+132
* feat(ratelimit): Add Attributes support to rate limit middleware | Joas Schilling | 2023-04-24 | 1 | -41/+77
* fix(security)!: Use consistent HTTP status for strict cookie checks | Christoph Wurst | 2023-04-17 | 1 | -0/+3
* Add a debug message when throttling without defining | Joas Schilling | 2023-03-08 | 1 | -10/+9
* feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute an... | Joas Schilling | 2023-03-08 | 1 | -5/+43
* fix(CORS): CORS should only be bypassed on `PublicPage` if not logged in to p... | Ferdinand Thiessen | 2023-02-16 | 1 | -1/+1
* composer run cs:fix | Côme Chilliet | 2023-01-20 | 5 | -10/+5
* Allow CSRF on CORS routes | Jonas Rittershofer | 2022-09-21 | 1 | -0/+4
* Update core to PHP 7.4 standard | Carl Schwan | 2022-05-20 | 1 | -11/+3
* Add direct arg to login flow | Vincent Petry | 2022-03-28 | 1 | -0/+3
* Check style update | Carl Schwan | 2022-01-13 | 1 | -1/+1
* Pass username prefill through unauthenticated request redirects | Julius Härtl | 2021-12-29 | 1 | -0/+4
* Add admin privilege delegation for admin settings | Carl Schwan | 2021-09-29 | 1 | -5/+42
* Update php licenses | John Molakvoæ (skjnldsv) | 2021-06-04 | 18 | -31/+14
* fix error when using CORS with no auth credentials | korelstar | 2021-05-18 | 1 | -5/+4
* Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger | Christoph Wurst | 2021-04-27 | 1 | -6/+5
|\
| * Less ILogger | Joas Schilling | 2021-04-27 | 1 | -6/+5
* | Fix ratelimit template | Joas Schilling | 2021-04-27 | 1 | -14/+7
|/