| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: jld3103 <jld3103yt@gmail.com>
|
|
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
| |
Signed-off-by: jld3103 <jld3103yt@gmail.com>
|
|
|
|
|
|
| |
\OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
|
|
| |
Revert mistake
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
|
|
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
|
|
|
| |
and allow multiple
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
|
|
|
|
|
|
|
| |
While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names
https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list
https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240
Signed-off-by: MichaIng <micha@dietpi.com>
|
|
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
| |
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
|
|
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
|
| |
Co-authored-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Daniel <mail@danielkesselberg.de>
|
|
|
|
| |
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
|
|\
| |
| | |
[Psalm] Fix docblock for addFileFromStream
|
| |
| |
| |
| | |
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
|
|/
|
|
| |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
|
| |
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
|
|
|
|
|
|
| |
When two booleans conflict when merging CSP policies, true will win.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
|
|
|
|
| |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Cache css with version in url. This makes most js and css requests to
be cached by the browser
* Force caching previews, the etag is in the url so that if the propfind
gives a new etag, we will refresh it otherwise it's no use to try to
fetch the new etag and do tons of DB queries
Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
|
|
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
|
| |
| |
| |
| | |
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
|
| |
| |
| |
| | |
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
|
| |
| |
| |
| | |
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
|
|/
|
|
|
|
| |
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
|
|\
| |
| | |
Fix usage of DateTime constants
|
| |
| |
| |
| | |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|/
|
|
|
|
| |
Ref https://securitytxt.org
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
|\
| |
| | |
Fix some php 8 warnings
|
| |
| |
| |
| |
| |
| | |
PHP 8 shows deprecation warnings about this, see #25806
Signed-off-by: Richard de Boer <git@tubul.net>
|
| |
| |
| |
| | |
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
|
|/
|
|
|
|
| |
We should escape all occurences of ' and \ in here.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
|
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
| |
JS unsafe-eval was removed a long time ago in https://github.com/nextcloud/server/pull/11028
|
|
|
|
|
|
|
|
|
| |
We use this already in several places where we just pass strings or
numbers.
This all works because we just convert it to a json response in the end.
So better to have the typehints reflect this.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
|
|
|
|
| |
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
| |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
| |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|\
| |
| | |
Add php docs build script
|
| |
| |
| |
| | |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|