path: root/lib/private/appframework/middleware
Commit message | Author | Age | Files | Lines
* Move \OC\AppFramework to PSR-4 | Roeland Jago Douma | 2016-04-22 | 9 | -797/+0
  * Also moved the autoloader setup a bit up since we need it in initpaths
* Move login form into controller | Lukas Reschke | 2016-04-15 | 1 | -3/+6
  First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
* lib: Fix typos (found by codespell) | Stefan Weil | 2016-04-07 | 3 | -4/+4
  Signed-off-by: Stefan Weil <sw@weilnetz.de>
* Remove Scrutinizer Auto Fixer | Lukas Reschke | 2016-03-01 | 1 | -1/+0
* Add public API to give developers the possibility to adjust the global CSP defaults | Lukas Reschke | 2016-01-28 | 1 | -2/+35
  Allows to inject something into the default content policy. This is for example useful when you're injecting Javascript code into a view belonging to another controller and cannot modify its Content-Security-Policy itself. Note that the adjustment is only applied to applications that use AppFramework controllers.

  To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`, $policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.

  To test this add something like the following into an `app.php` of any enabled app:

  ```
  $manager = \OC::$server->getContentSecurityPolicyManager();
  $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
  $policy->addAllowedFrameDomain('asdf');
  $policy->addAllowedScriptDomain('yolo.com');
  $policy->allowInlineScript(false);
  $manager->addDefaultPolicy($policy);
  $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
  $policy->addAllowedFontDomain('yolo.com');
  $manager->addDefaultPolicy($policy);
  $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
  $policy->addAllowedFrameDomain('banana.com');
  $manager->addDefaultPolicy($policy);
  ```

  If you now open the files app the policy should be:

  ```
  Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self'
  ```
* Happy new year! | Thomas Müller | 2016-01-12 | 9 | -9/+19
* Scrutinizer Auto-Fixes | Scrutinizer Auto-Fixer | 2015-12-10 | 1 | -1/+0
  This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
* Show error template | Lukas Reschke | 2015-11-30 | 7 | -37/+178
  Otherwise this leads to an endless redirection in case of a CSRF exception. Also sets user expectation right.
* update licence headers via script | Morris Jobke | 2015-10-05 | 1 | -1/+1
* Return proper status code in case of a CORS exception | Lukas Reschke | 2015-07-20 | 2 | -11/+40
  When returning a 500 status code external applications may interpret this as an error instead of handling this more gracefully. This will thus now return a 401.
  Fixes https://github.com/owncloud/core/issues/17742
* disallow cookie auth for cors requests | Bernhard Posselt | 2015-05-22 | 1 | -5/+44
  testing ... fixes fix test add php doc fix small mistake add another phpdoc remove not working cors annotations from files app
* Update license headers | Jenkins for ownCloud | 2015-03-26 | 5 | -49/+75
* Revert "Updating license headers" | Morris Jobke | 2015-02-26 | 5 | -72/+57
  This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
* Updating license headers | Jenkins for ownCloud | 2015-02-23 | 5 | -57/+72
* Move CSRF check | Lukas Reschke | 2014-11-17 | 1 | -0/+3
  Because we're closing the session now before controllers are executed there are cases where we cannot write the session.
* Check if app is enabled for user | Lukas Reschke | 2014-11-15 | 1 | -0/+11
  Fixes https://github.com/owncloud/core/issues/12188 for AppFramework apps
* Use function outside of loop | Lukas Reschke | 2014-10-24 | 1 | -2/+3
  Otherwise the function is executed n times which is a lot of overhead
* introduce SessionMiddleWare to control session handling via an annotation | Thomas Müller | 2014-10-22 | 1 | -0/+70
* Redirect after session expiry to the previous loaded page | Morris Jobke | 2014-07-01 | 1 | -0/+2
  * fixes #6945
* fix 8757, get rid of service locator antipattern | Bernhard Posselt | 2014-05-28 | 1 | -23/+35
* use new controllermethodreflector for corsmiddleware | Bernhard Posselt | 2014-05-11 | 1 | -5/+8
* adjust license headers to new mail address | Bernhard Posselt | 2014-05-11 | 3 | -3/+3
* add private property for reflector in security middleware | Bernhard Posselt | 2014-05-11 | 1 | -0/+5
* implement most of the basic stuff that was suggested in #8290 | Bernhard Posselt | 2014-05-11 | 1 | -8/+8
* Fix method signature | Bernhard Posselt | 2014-05-11 | 1 | -2/+1
* add cors middleware | Bernhard Posselt | 2014-05-09 | 1 | -0/+73
  remove methodannotationreader namespace fix namespace for server container fix tests fail if with cors credentials header is set to true, implement a reusable preflighted cors method in the controller baseclass, make corsmiddleware private and register it for every request remove unneeded local in cors middleware registration don't uppercase cors to easily use it from routes fix indentation comment fixes explicitly set allow credentials header to false don't depend on better controllers PR, fix that stuff later split cors methods to be in a separate controller for exposing apis remove protected definitions from apicontroller since controller has it
* make download and redirectresponse public | Bernhard Posselt | 2014-04-20 | 1 | -1/+1
* fix master - #7274 broke it | Morris Jobke | 2014-02-20 | 1 | -0/+1
* Scrutinizer Auto-Fixes | Scrutinizer Auto-Fixer | 2014-02-19 | 2 | -2/+1
  This patch was automatically generated as part of the following inspection:
  https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720
  Enabled analysis tools:
  - PHP Analyzer
  - JSHint
  - PHP Copy/Paste Detector
  - PHP PDepend
* polish documentation based on scrutinizer patches | Jörn Friedrich Dreyer | 2014-02-06 | 2 | -2/+1
* Fix namespace for OCP\Appframework\Http | Thomas Tanghus | 2013-10-23 | 1 | -1/+1
  To avoid having to use OCP\Appframework\Http\Http in the public - and stable - API OCP\Appframework\Http is now both a class and a namespace.
* OCP\AppFramework\Controller\Controller => OCP\AppFramework\Controller | Thomas Tanghus | 2013-10-11 | 1 | -1/+1
* fixing typo | Thomas Müller | 2013-10-07 | 1 | -1/+1
* fixing SecurityMiddleware to use OC6 API | Thomas Müller | 2013-10-07 | 2 | -16/+20
* Remove misleading IMiddleware interface | Thomas Tanghus | 2013-10-05 | 1 | -2/+2
* Make abstract Middleware class public | Thomas Tanghus | 2013-10-05 | 3 | -103/+3
  It doesn't make sense for subclasses to have to implement all methods.
* move the private namespace OC into lib/private - OCP will stay in lib/public | Thomas Müller | 2013-09-30 | 4 | -0/+436
  Conflicts: lib/private/vcategories.php