summaryrefslogtreecommitdiffstats
path: root/lib/private/Security
Commit message (Expand)AuthorAgeFilesLines
* fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to bloc...Ferdinand Thiessen2024-03-261-8/+5
* Refactor `OC\Server::getHasher`Andrew Summers2024-03-151-2/+2
* fix: Add edge as supported user agent for CSPv3 noncesJulius Härtl2024-03-081-0/+1
* fix(security): Handle idn_to_utf8 returning falseJoas Schilling2023-12-041-0/+4
* chore: apply changes from Nextcloud coding standards 1.1.1Joas Schilling2023-11-233-5/+5
* feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-ele...Ferdinand Thiessen2023-11-171-0/+8
* Simplify IP address normalizer with IP masksBenjamin Gaussorgues2023-11-081-54/+15
* Refactors lib/private/Security.Faraz Samapoor2023-09-2710-201/+65
* Merge pull request #39013 from fsamapoor/refactor_lib_private_security_part3Robin Appelman2023-09-229-152/+53
|\
| * Update lib/private/Security/Certificate.phpFaraz Samapoor2023-09-211-1/+0
| * Updates the typed properties.Faraz Samapoor2023-09-211-4/+4
| * Refactors lib/private/Security.Faraz Samapoor2023-09-219-151/+53
* | feat(appframework): Expose programmatic rate limiterChristoph Wurst2023-09-202-2/+4
|/
* fix: Make bypass function public APIJoas Schilling2023-08-212-7/+8
* feat: Expose if the own IP is allowed to bypass bruteforce protectionJoas Schilling2023-08-212-22/+12
* feat(security): Add a "testing mode" for bruteforce protection that doesn't s...Joas Schilling2023-08-211-2/+6
* feat(security): Add a bruteforce protection backend base on memcacheJoas Schilling2023-08-214-126/+430
* Allow "wasm-unsafe-eval" in CSPDaniel Calviño Sánchez2023-08-101-0/+8
* Refactors lib/private/Security.Faraz Samapoor2023-06-269-180/+107
* Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_privateRobin Appelman2023-06-013-4/+3
|\
| * Refactors "strpos" calls in lib/private to improve code readability.Faraz Samapoor2023-05-153-4/+3
* | log failures to read certificates during listingRobin Appelman2023-05-311-1/+7
|/
* Merge pull request #35092 from Messj1/bugfix/type-error-cert-manager-cache-pathJohn Molakvoæ2023-05-041-5/+12
|\
| * [BUGFIX] throw exception instead of error if unable to create file handler (o...Jan Messer2023-04-061-0/+4
| * [BUGFIX] check return value and improve error handlingJan Messer2023-04-061-5/+8
* | Use typed version of IConfig::getSystemValue as much as possibleCôme Chilliet2023-04-056-10/+10
|/
* Merge pull request #36836 from nextcloud/fix/view-type-cleanupCôme Chilliet2023-04-051-20/+10
|\
| * Fix return type of methods returning false on errorCôme Chilliet2023-04-031-20/+10
* | feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CIJoas Schilling2023-04-032-12/+29
|/
* composer run cs:fixCôme Chilliet2023-01-201-1/+0
* Add remote host validation APIChristoph Wurst2022-10-311-0/+76
* Add rate limiting on lost password emailsCôme Chilliet2022-10-181-3/+3
* Merge pull request #31499 from nextcloud/bugfix/empty-secretCarl Schwan2022-10-173-4/+31
|\
| * Mark method as deprecatedCarl Schwan2022-09-131-1/+0
| * Fix decryption fallback after adding a secretJulius Härtl2022-03-101-5/+10
| * Add fallback routines for empty secret casesJulius Härtl2022-03-103-2/+25
* | Port existing server code to new interfaceCarl Schwan2022-08-081-19/+12
* | Add a public interface for the bruteforce throttler and register for injectionJoas Schilling2022-07-281-5/+3
* | Fix typos in lib/private subdirectoryluz paz2022-07-271-1/+1
* | Only ignore attempts of the same actionJoas Schilling2022-07-071-4/+4
* | Fix detection of firefox in ContentSecurityPolicyNonceManagerCarl Schwan2022-06-291-4/+2
* | Validate requested length is random string generatorVincent Petry2022-05-121-1/+6
* | Merge pull request #32113 from nextcloud/bugfix/noid/fix-csp-merging-boolsVincent Petry2022-05-052-1/+13
|\ \
| * | Add CSP policy merge priority for booleansVincent Petry2022-04-012-1/+13
* | | Don't inject Bruteforce capability info in the webuiCarl Schwan2022-04-071-1/+2
|/ /
* | Migrate from ILogger to LoggerInterface in lib/privateCôme Chilliet2022-03-243-27/+11
* | cache the path of the certificate bundleRobin Appelman2022-03-171-7/+15
* | return default bundle when there is an error getting the bundleRobin Appelman2022-03-141-7/+11
* | Allow to set a strict-dynamic CSP through the APIJulius Härtl2022-03-091-0/+7
|/
* Use the new option to signaling insensitivityJoas Schilling2022-02-071-0/+2
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-17 15:45:02 +0000