| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
|
| |
|
|
| |
Signed-off-by: provokateurin <kate@provokateurin.de>
|
| |
|
|
| |
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
|
| |
|
|
| |
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: jld3103 <jld3103yt@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names
https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list
https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240
Signed-off-by: MichaIng <micha@dietpi.com>
|
| |
|
|
| |
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
|
| |
|
|
| |
Co-authored-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Daniel <mail@danielkesselberg.de>
|
| |
|
|
| |
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Cache css with version in url. This makes most js and css requests to
be cached by the browser
* Force caching previews, the etag is in the url so that if the propfind
gives a new etag, we will refresh it otherwise it's no use to try to
fetch the new etag and do tons of DB queries
Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
|
| |
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
|
|
|
|
|
| |
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
| |
Signed-off-by: Clement Wong <git@clement.hk>
|
| |
|
|
| |
Signed-off-by: Clement Wong <git@clement.hk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
|
|
|
| |
If there is no policy set we just take the default empty ones.
That way no obscure errors get thrown if the constructor is not called.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
|
|
|
| |
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
|
|
|
|
|
| |
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
|
|
|
|
|
|
| |
This avoids having to do it at all the places we want cached responses.
We can't inject the ITimeFactor without breaking public API.
However we can perfectly overwrite the service (resulting in the same
testable effect).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
| |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |\
| |
| | |
Add metadata to \OCP\AppFramework\Http\Response::throttle
|
| | |
| |
| |
| |
| |
| | |
Fixes https://github.com/nextcloud/server/issues/5891
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |/
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
|
|
|
|
| |
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.
Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
|
| |
If a repsonse now explicitly has the Empty CSP set then the middleware
won't touch it.
|
| |
|
|
|
| |
* Set proper caching headers for avatars (15 minutes)
* For our own avatar use some extra logic to invalidate when we update
|
| | |
|
| | |
|
| |
|
