| Commit message (Expand) | Author | Age | Files | Lines |
* | fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to bloc... | Ferdinand Thiessen | 2024-03-26 | 1 | -8/+5 |
* | Refactor `OC\Server::getHasher` | Andrew Summers | 2024-03-15 | 1 | -2/+2 |
* | fix: Add edge as supported user agent for CSPv3 nonces | Julius Härtl | 2024-03-08 | 1 | -0/+1 |
* | fix(security): Handle idn_to_utf8 returning false | Joas Schilling | 2023-12-04 | 1 | -0/+4 |
* | chore: apply changes from Nextcloud coding standards 1.1.1 | Joas Schilling | 2023-11-23 | 3 | -5/+5 |
* | feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-ele... | Ferdinand Thiessen | 2023-11-17 | 1 | -0/+8 |
* | Simplify IP address normalizer with IP masks | Benjamin Gaussorgues | 2023-11-08 | 1 | -54/+15 |
* | Refactors lib/private/Security. | Faraz Samapoor | 2023-09-27 | 10 | -201/+65 |
* | Merge pull request #39013 from fsamapoor/refactor_lib_private_security_part3 | Robin Appelman | 2023-09-22 | 9 | -152/+53 |
|\ |
|
| * | Update lib/private/Security/Certificate.php | Faraz Samapoor | 2023-09-21 | 1 | -1/+0 |
| * | Updates the typed properties. | Faraz Samapoor | 2023-09-21 | 1 | -4/+4 |
| * | Refactors lib/private/Security. | Faraz Samapoor | 2023-09-21 | 9 | -151/+53 |
* | | feat(appframework): Expose programmatic rate limiter | Christoph Wurst | 2023-09-20 | 2 | -2/+4 |
|/ |
|
* | fix: Make bypass function public API | Joas Schilling | 2023-08-21 | 2 | -7/+8 |
* | feat: Expose if the own IP is allowed to bypass bruteforce protection | Joas Schilling | 2023-08-21 | 2 | -22/+12 |
* | feat(security): Add a "testing mode" for bruteforce protection that doesn't s... | Joas Schilling | 2023-08-21 | 1 | -2/+6 |
* | feat(security): Add a bruteforce protection backend base on memcache | Joas Schilling | 2023-08-21 | 4 | -126/+430 |
* | Allow "wasm-unsafe-eval" in CSP | Daniel Calviño Sánchez | 2023-08-10 | 1 | -0/+8 |
* | Refactors lib/private/Security. | Faraz Samapoor | 2023-06-26 | 9 | -180/+107 |
* | Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private | Robin Appelman | 2023-06-01 | 3 | -4/+3 |
|\ |
|
| * | Refactors "strpos" calls in lib/private to improve code readability. | Faraz Samapoor | 2023-05-15 | 3 | -4/+3 |
* | | log failures to read certificates during listing | Robin Appelman | 2023-05-31 | 1 | -1/+7 |
|/ |
|
* | Merge pull request #35092 from Messj1/bugfix/type-error-cert-manager-cache-path | John Molakvoæ | 2023-05-04 | 1 | -5/+12 |
|\ |
|
| * | [BUGFIX] throw exception instead of error if unable to create file handler (o... | Jan Messer | 2023-04-06 | 1 | -0/+4 |
| * | [BUGFIX] check return value and improve error handling | Jan Messer | 2023-04-06 | 1 | -5/+8 |
* | | Use typed version of IConfig::getSystemValue as much as possible | Côme Chilliet | 2023-04-05 | 6 | -10/+10 |
|/ |
|
* | Merge pull request #36836 from nextcloud/fix/view-type-cleanup | Côme Chilliet | 2023-04-05 | 1 | -20/+10 |
|\ |
|
| * | Fix return type of methods returning false on error | Côme Chilliet | 2023-04-03 | 1 | -20/+10 |
* | | feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI | Joas Schilling | 2023-04-03 | 2 | -12/+29 |
|/ |
|
* | composer run cs:fix | Côme Chilliet | 2023-01-20 | 1 | -1/+0 |
* | Add remote host validation API | Christoph Wurst | 2022-10-31 | 1 | -0/+76 |
* | Add rate limiting on lost password emails | Côme Chilliet | 2022-10-18 | 1 | -3/+3 |
* | Merge pull request #31499 from nextcloud/bugfix/empty-secret | Carl Schwan | 2022-10-17 | 3 | -4/+31 |
|\ |
|
| * | Mark method as deprecated | Carl Schwan | 2022-09-13 | 1 | -1/+0 |
| * | Fix decryption fallback after adding a secret | Julius Härtl | 2022-03-10 | 1 | -5/+10 |
| * | Add fallback routines for empty secret cases | Julius Härtl | 2022-03-10 | 3 | -2/+25 |
* | | Port existing server code to new interface | Carl Schwan | 2022-08-08 | 1 | -19/+12 |
* | | Add a public interface for the bruteforce throttler and register for injection | Joas Schilling | 2022-07-28 | 1 | -5/+3 |
* | | Fix typos in lib/private subdirectory | luz paz | 2022-07-27 | 1 | -1/+1 |
* | | Only ignore attempts of the same action | Joas Schilling | 2022-07-07 | 1 | -4/+4 |
* | | Fix detection of firefox in ContentSecurityPolicyNonceManager | Carl Schwan | 2022-06-29 | 1 | -4/+2 |
* | | Validate requested length is random string generator | Vincent Petry | 2022-05-12 | 1 | -1/+6 |
* | | Merge pull request #32113 from nextcloud/bugfix/noid/fix-csp-merging-bools | Vincent Petry | 2022-05-05 | 2 | -1/+13 |
|\ \ |
|
| * | | Add CSP policy merge priority for booleans | Vincent Petry | 2022-04-01 | 2 | -1/+13 |
* | | | Don't inject Bruteforce capability info in the webui | Carl Schwan | 2022-04-07 | 1 | -1/+2 |
|/ / |
|
* | | Migrate from ILogger to LoggerInterface in lib/private | Côme Chilliet | 2022-03-24 | 3 | -27/+11 |
* | | cache the path of the certificate bundle | Robin Appelman | 2022-03-17 | 1 | -7/+15 |
* | | return default bundle when there is an error getting the bundle | Robin Appelman | 2022-03-14 | 1 | -7/+11 |
* | | Allow to set a strict-dynamic CSP through the API | Julius Härtl | 2022-03-09 | 1 | -0/+7 |
|/ |
|
* | Use the new option to signaling insensitivity | Joas Schilling | 2022-02-07 | 1 | -0/+2 |