aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Security
Commit message (Expand)AuthorAgeFilesLines
* fix: gracefully parse non-standard trusted certificatesfix/gracefully-parse-trusted-certificatesRichard Steinmetz2024-09-241-0/+10
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-197-17/+17
* refactor: Replace __CLASS__ with ::class referencesrefactor/self-class-referenceChristoph Wurst2024-09-152-2/+2
* chore: adjust code to adhere to coding standardAnna Larch2024-09-051-1/+1
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-255-6/+6
* feat: Provide CSP nonce as `<meta>` elementFerdinand Thiessen2024-08-131-1/+2
* fix: Make sure CSP nonce is not double base64 encodedFerdinand Thiessen2024-08-131-1/+4
* Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidatorStephan Orbaugh2024-07-221-14/+15
|\
| * refactor: Migrate some legacy and core functions to `IFilenameValidator`Ferdinand Thiessen2024-07-191-14/+15
* | feat(Security): add Factory for IP addresses and rangesBenjamin Gaussorgues2024-07-191-0/+23
* | feat(security): Add public API to allow validating IP Ranges and checking for...Joas Schilling2024-07-194-64/+158
* | feat(security): restrict admin actions to IP rangesBenjamin Gaussorgues2024-07-191-0/+64
|/
* chore: More explicit splitHash typingChristopher Ng2024-07-041-1/+1
* feat: Add method to validate an IHasher hashChristopher Ng2024-07-041-0/+14
* fix: don't use custom certificate bundle if no customer certificates are conf...Robin Appelman2024-06-141-9/+9
* Merge branch 'master' into refactor/OC-Server-getSecureRandomJohn Molakvoæ2024-05-3034-1159/+245
|\
| * chore: Add SPDX headerAndy Scherzinger2024-05-2434-734/+82
| * fix: Correctly check result of functionJoas Schilling2024-05-151-2/+2
| * fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to bloc...Ferdinand Thiessen2024-03-261-8/+5
| * Refactor `OC\Server::getHasher`Andrew Summers2024-03-151-2/+2
| * fix: Add edge as supported user agent for CSPv3 noncesJulius Härtl2024-03-081-0/+1
| * fix(security): Handle idn_to_utf8 returning falseJoas Schilling2023-12-041-0/+4
| * chore: apply changes from Nextcloud coding standards 1.1.1Joas Schilling2023-11-233-5/+5
| * feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-ele...Ferdinand Thiessen2023-11-171-0/+8
| * Simplify IP address normalizer with IP masksBenjamin Gaussorgues2023-11-081-54/+15
| * Refactors lib/private/Security.Faraz Samapoor2023-09-2710-201/+65
| * Merge pull request #39013 from fsamapoor/refactor_lib_private_security_part3Robin Appelman2023-09-229-152/+53
| |\
| | * Update lib/private/Security/Certificate.phpFaraz Samapoor2023-09-211-1/+0
| | * Updates the typed properties.Faraz Samapoor2023-09-211-4/+4
| | * Refactors lib/private/Security.Faraz Samapoor2023-09-219-151/+53
| * | feat(appframework): Expose programmatic rate limiterChristoph Wurst2023-09-202-2/+4
| |/
* / Refactor `OC\Server::getSecureRandom`Andrew Summers2023-08-291-1/+1
|/
* fix: Make bypass function public APIJoas Schilling2023-08-212-7/+8
* feat: Expose if the own IP is allowed to bypass bruteforce protectionJoas Schilling2023-08-212-22/+12
* feat(security): Add a "testing mode" for bruteforce protection that doesn't s...Joas Schilling2023-08-211-2/+6
* feat(security): Add a bruteforce protection backend base on memcacheJoas Schilling2023-08-214-126/+430
* Allow "wasm-unsafe-eval" in CSPDaniel Calviño Sánchez2023-08-101-0/+8
* Refactors lib/private/Security.Faraz Samapoor2023-06-269-180/+107
* Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_privateRobin Appelman2023-06-013-4/+3
|\
| * Refactors "strpos" calls in lib/private to improve code readability.Faraz Samapoor2023-05-153-4/+3
* | log failures to read certificates during listingRobin Appelman2023-05-311-1/+7
|/
* Merge pull request #35092 from Messj1/bugfix/type-error-cert-manager-cache-pathJohn Molakvoæ2023-05-041-5/+12
|\
| * [BUGFIX] throw exception instead of error if unable to create file handler (o...Jan Messer2023-04-061-0/+4
| * [BUGFIX] check return value and improve error handlingJan Messer2023-04-061-5/+8
* | Use typed version of IConfig::getSystemValue as much as possibleCôme Chilliet2023-04-056-10/+10
|/
* Merge pull request #36836 from nextcloud/fix/view-type-cleanupCôme Chilliet2023-04-051-20/+10
|\
| * Fix return type of methods returning false on errorCôme Chilliet2023-04-031-20/+10
* | feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CIJoas Schilling2023-04-032-12/+29
|/
* composer run cs:fixCôme Chilliet2023-01-201-1/+0
* Add remote host validation APIChristoph Wurst2022-10-311-0/+76