aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public/AppFramework/Http
Commit message (Collapse)AuthorAgeFilesLines
...
* | Escape filename in Content-DispositionLukas Reschke2021-06-021-6/+2
|/ | | | | | We should escape all occurences of ' and \ in here. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Make debugging easier which header is being setJoas Schilling2021-03-241-3/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Initialize \OCP\AppFramework\Http\ZipResponse::$resourcesChristoph Wurst2021-02-171-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headersChristoph Wurst2020-12-301-1/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update all license headers for Nextcloud 21Christoph Wurst2020-12-163-0/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Log an error when setting a custom header on "Not Modified" responsesJoas Schilling2020-12-151-0/+14
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update comment to reflect current CSP policyThomas Citharel2020-12-121-1/+1
| | | JS unsafe-eval was removed a long time ago in https://github.com/nextcloud/server/pull/11028
* Fix DataResponse typehintsRoeland Jago Douma2020-11-191-4/+4
| | | | | | | | | We use this already in several places where we just pass strings or numbers. This all works because we just convert it to a json response in the end. So better to have the typehints reflect this. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Set frame-ancestors to none if none are filledRoeland Jago Douma2020-11-181-0/+2
| | | | | | | | frame-ancestors doesn't fall back to default-src. So when we apply a very restricted CSP we should make sure to set it to 'none' and not leave it empty. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove deprecated OCSResponseRoeland Jago Douma2020-11-011-95/+0
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Format code to a single space around binary operatorsChristoph Wurst2020-10-056-10/+10
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add acutal response to BeforeTemplateRenderedEventJulius Härtl2020-09-241-1/+12
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #22432 from nextcloud/enh/phpdocRoeland Jago Douma2020-08-2617-17/+0
|\ | | | | Add php docs build script
| * Remove @package annotations from public namespaceJulius Härtl2020-08-2617-17/+0
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Update the license headers for Nextcloud 20Christoph Wurst2020-08-246-3/+12
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix CSJoas Schilling2020-08-191-0/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Send "429 Too Many Requests" in case of brute force protectionJoas Schilling2020-08-191-0/+51
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #22097 from nextcloud/enh/noid/empty-templateMorris Jobke2020-08-051-0/+5
|\ | | | | Add empty renderAs template
| * Add base renderAs templateJulius Härtl2020-08-041-0/+5
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Move NotFoundResponse to a proper TemplateResponseJulius Härtl2020-07-241-13/+2
|/ | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add constants for the magic strings of template renderingJoas Schilling2020-07-161-3/+34
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Better event description for BeforeTemplateRenderedEvent in files and ↵Morris Jobke2020-07-151-2/+2
| | | | | | files_sharing Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Add real events to load additionalscriptsRoeland Jago Douma2020-07-152-0/+62
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix robots "noindex, nofollow" signalsJoas Schilling2020-06-252-0/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Allow to specify the cookie type for appframework responsesRoeland Jago Douma2020-06-222-3/+5
| | | | | | | | | In general it is good to set them to Lax. But also to give devs more control over them is not a bad thing. Helps with #21474 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #20897 from nextcloud/bugfix/httpcacheRoeland Jago Douma2020-05-131-5/+4
|\ | | | | Proxy server could cache http response when it is not private
| * Add public argument to Http cacheFor()Clement Wong2020-05-101-5/+4
| | | | | | | | Signed-off-by: Clement Wong <git@clement.hk>
| * Proxy server could cache http response when it is not privateClement Wong2020-05-101-2/+2
| | | | | | | | Signed-off-by: Clement Wong <git@clement.hk>
* | Update license headers for 19Christoph Wurst2020-04-293-0/+3
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add visibility to all constantsChristoph Wurst2020-04-101-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-1017-50/+26
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-096-15/+15
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use exactly one empty line after the namespace declarationChristoph Wurst2020-04-095-5/+0
| | | | | | For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix (array) indent style to always use one tabChristoph Wurst2020-04-094-5/+5
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update the license headers for Nextcloud 19Christoph Wurst2020-03-316-2/+7
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20170 from nextcloud/techdebt/remove-unused-importsChristoph Wurst2020-03-272-2/+0
|\ | | | | Remove unused imports
| * Remove unused importsChristoph Wurst2020-03-252-2/+0
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use the short array syntax, everywhereChristoph Wurst2020-03-265-9/+9
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* add docs for useJsNoncePavel Krasikov2020-03-151-0/+1
| | | | Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
* Fix license headersChristoph Wurst2020-01-131-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Split the menu entry for external shares in twoDaniel Calviño Sánchez2019-12-301-5/+6
| | | | | | | | | | | | | | | | The external shares entry showed a "button" that, when pressed, replaced the button with the input to set the remote share address. The "button" was actually a label for the input, so when the label was focused it transferred the focus to the input and thus pressing enter or space did not show the input. Moreover, inputs inside links are not valid HTML, and once shown there was no way to hide the input again. Due to all this, and for consistency with the direct link input, the external share input was moved to a different menu item that is shown and hidden when the button, which nows is also a real button, is clicked. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* Format HTML elementsDaniel Calviño Sánchez2019-12-301-8/+8
| | | | Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* Update license headersChristoph Wurst2019-12-0529-61/+97
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-2210-7/+8
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* set default CSP on NotFoundResponseRoeland Jago Douma2019-09-091-0/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add deprecation warningRoeland Jago Douma2019-08-291-0/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Do not enforce the parent constructor of response to be calledRoeland Jago Douma2019-08-191-10/+8
| | | | | | | If there is no policy set we just take the default empty ones. That way no obscure errors get thrown if the constructor is not called. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* frame-src doesn't respect the nonce attributeRoeland Jago Douma2019-08-161-3/+0
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add feature policy headerRoeland Jago Douma2019-08-104-0/+266
| | | | | | | This adds the events and the classes to modify the feature policy. It also adds a default restricted feature policy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add form-action CSP elementRoeland Jago Douma2019-07-312-0/+35
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-05 19:50:50 +0000