path: root/lib/public/AppFramework/Http
Commit message | Author | Age | Files | Lines
* feat: Allow passing additional encode flags for json response | Christopher Ng | 2024-08-01 | 1 | -2/+15
    Signed-off-by: Christopher Ng <chrng8@gmail.com>
* feat: Increase max depth of encoded json | Christopher Ng | 2024-08-01 | 1 | -1/+1
    Signed-off-by: Christopher Ng <chrng8@gmail.com>
* feat: allow for ExApps to call Admin endpoints marked with specific attr | Alexander Piskun | 2024-07-18 | 1 | -0/+21
    Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
* fix: ARateLimit documentation | skjnldsv | 2024-07-12 | 1 | -0/+2
    Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* feat(OpenAPI): Add ex_app scope | provokateurin | 2024-07-02 | 1 | -0/+8
    Signed-off-by: provokateurin <kate@provokateurin.de>
* feat(AppFramework): Add ExAppRequired attribute | provokateurin | 2024-07-01 | 1 | -0/+21
    Signed-off-by: provokateurin <kate@provokateurin.de>
* chore: Add SPDX header | Andy Scherzinger | 2024-05-24 | 51 | -1043/+130
    Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix(AppFramework): Fix error message about 204 not allowing custom headers | provokateurin | 2024-04-08 | 1 | -1/+1
    Signed-off-by: provokateurin <kate@provokateurin.de>
* fix: Apply new coding standard to all files | Côme Chilliet | 2024-04-02 | 1 | -1/+1
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Allow nonce in csp header also if no other reasons are given | Julius Härtl | 2024-03-08 | 1 | -3/+3
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* feat(AppFramework): Add Route attribute | provokateurin | 2024-02-21 | 3 | -0/+287
    Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(API): Use a distinct exception so apps can react to it and customize the return | Joas Schilling | 2023-11-28 | 1 | -0/+79
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore: apply changes from Nextcloud coding standards 1.1.1 | Joas Schilling | 2023-11-23 | 1 | -1/+1
    Signed-off-by: Joas Schilling <coding@schilljs.com>
    Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* fix(CSP): Only add `strict-dynamic` when using nonces | Ferdinand Thiessen | 2023-11-17 | 1 | -6/+6
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` | Ferdinand Thiessen | 2023-11-17 | 1 | -1/+1
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only | Ferdinand Thiessen | 2023-11-17 | 2 | -6/+30
    This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keeping the default rules for `script-src`. The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag.
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat(openapi): Add OpenAPI attribute to allow multiple scopes and overwriting tags | Joas Schilling | 2023-11-03 | 2 | -0/+100
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Stop sending deprecated Pragma header | Git'Fellow | 2023-08-28 | 1 | -4/+3
    Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* add separate event for rendering login page template | Robin Appelman | 2023-08-17 | 1 | -0/+52
    Signed-off-by: Robin Appelman <robin@icewind.nl>
* Allow "wasm-unsafe-eval" in CSP | Daniel Calviño Sánchez | 2023-08-10 | 3 | -1/+21
    If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive contains neither `wasm-unsafe-eval` nor `unsafe-eval`, loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread).

    Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval`, this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make it possible to allow WebAssembly execution without allowing JavaScript `eval`, this commit adds support for allowing `wasm-unsafe-eval`.

    Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts | Joas Schilling | 2023-07-27 | 1 | -9/+0
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add IgnoreOpenAPI attribute | jld3103 | 2023-07-10 | 1 | -0/+37
    Signed-off-by: jld3103 <jld3103yt@gmail.com>
* chore: Replace \OC::$server->query with \OCP\Server::get in /lib | Christoph Wurst | 2023-07-06 | 1 | -1/+1
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add template types to responses | jld3103 | 2023-06-30 | 17 | -94/+198
    Signed-off-by: jld3103 <jld3103yt@gmail.com>
* chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript | Christoph Wurst | 2023-06-12 | 1 | -18/+1
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Drop meta robots tag | Git'Fellow | 2023-06-09 | 1 | -1/+0
    Revert mistake
    Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* fix(docs): Fix language and copy-paste class name in docs of CSP | Joas Schilling | 2023-05-30 | 3 | -4/+4
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add PHP \Attribute for remaining security annotations | Joas Schilling | 2023-04-25 | 8 | -0/+315
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(ratelimit): Add Attributes support to rate limit middleware | Joas Schilling | 2023-04-24 | 3 | -0/+133
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple | Joas Schilling | 2023-03-08 | 2 | -1/+53
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Change X-Robots-Tag header from "none" to "noindex, nofollow" | MichaIng | 2023-02-15 | 1 | -1/+1
    While "none" is indeed equivalent to "noindex, nofollow" for Google, it seems not to be supported by Bing and probably other search engines.
    https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names
    https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list
    https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240
    Signed-off-by: MichaIng <micha@dietpi.com>
* feat(app-framework): Add UseSession attribute to replace annotation | Christoph Wurst | 2023-01-27 | 1 | -0/+37
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* composer run cs:fix | Côme Chilliet | 2023-01-20 | 16 | -16/+0
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix typo in deprecated | Joas Schilling | 2022-10-04 | 1 | -2/+2
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add description for public and immutable | Daniel | 2022-09-03 | 1 | -2/+2
    Co-authored-by: Carl Schwan <carl@carlschwan.eu>
    Signed-off-by: Daniel <mail@danielkesselberg.de>
* Update docblock for cacheFor | Daniel Kesselberg | 2022-09-03 | 1 | -2/+4
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #32485 from nextcloud/debt/noid/psalm-streamer-fh | blizzz | 2022-05-31 | 1 | -1/+1
|\    [Psalm] Fix docblock for addFileFromStream
| * Fix type for resource | Daniel Kesselberg | 2022-05-24 | 1 | -1/+1
| |   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Use JSON_THROW_ON_ERROR instead of custom error handling | Julius Härtl | 2022-05-30 | 1 | -7/+1
|/    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Make appName of TemplateResponse accessible in BeforeTemplateRenderedEvent | Joas Schilling | 2022-05-20 | 1 | -0/+9
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix psalm warning for zip response due wrong type | Daniel Kesselberg | 2022-05-13 | 1 | -4/+4
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Add CSP policy merge priority for booleans | Vincent Petry | 2022-04-01 | 1 | -1/+1
    When two booleans conflict when merging CSP policies, true will win.
    Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Allow to set a strict-dynamic CSP through the API | Julius Härtl | 2022-03-09 | 2 | -0/+17
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Improve caching policy | Carl Schwan | 2022-02-16 | 1 | -2/+2
    * Cache css with version in url. This makes most js and css requests to be cached by the browser
    * Force caching previews, the etag is in the url so that if the propfind gives a new etag, we will refresh it otherwise it's no use to try to fetch the new etag and do tons of DB queries

    Tested with firefox and 'debug' => false (important so that the js/css urls are generated with ?v= parameter)

    Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* send request id in response header | Robin Appelman | 2022-02-01 | 1 | -0/+7
    Signed-off-by: Robin Appelman <robin@icewind.nl>
* Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl | Daniel Rudolf | 2021-08-04 | 1 | -1/+1
|\
| * Remove some mentions of ownCloud from our api documentation | Carl Schwan | 2021-07-29 | 1 | -1/+1
| |   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Add RedirectToDefaultAppResponse::__construct() annotations | Daniel Rudolf | 2021-07-01 | 1 | -0/+3
| |   Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | Deprecate RedirectToDefaultAppResponse | Daniel Rudolf | 2021-07-01 | 1 | -3/+2
| |   Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | Remove \OC::$server->getURLGenerator() usage | Daniel Rudolf | 2021-07-01 | 1 | -1/+4
| |   Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>