aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public/AppFramework/Http
Commit message (Collapse)AuthorAgeFilesLines
* Add IgnoreOpenAPI attributejld31032023-07-101-0/+37
| | | | Signed-off-by: jld3103 <jld3103yt@gmail.com>
* chore: Replace \OC::$server->query with \OCP\Server::get in /libChristoph Wurst2023-07-061-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add template types to responsesjld31032023-06-3017-94/+198
| | | | Signed-off-by: jld3103 <jld3103yt@gmail.com>
* chore(appframework)!: Drop ↵Christoph Wurst2023-06-121-18/+1
| | | | | | \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Drop meta robots tagGit'Fellow2023-06-091-1/+0
| | | | | | Revert mistake Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* fix(docs): Fix language and copy-paste class name in docs of CSPJoas Schilling2023-05-303-4/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add PHP \Attribute for remaining security annotationsJoas Schilling2023-04-258-0/+315
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(ratelimit): Add Attributes support to rate limit middlewareJoas Schilling2023-04-243-0/+133
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute ↵Joas Schilling2023-03-082-1/+53
| | | | | | and allow multiple Signed-off-by: Joas Schilling <coding@schilljs.com>
* Change X-Robots-Tag header from "none" to "noindex, nofollow"MichaIng2023-02-151-1/+1
| | | | | | | | | | While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240 Signed-off-by: MichaIng <micha@dietpi.com>
* feat(app-framework): Add UseSession attribute to replace annotationChristoph Wurst2023-01-271-0/+37
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* composer run cs:fixCôme Chilliet2023-01-2016-16/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix typo in deprecatedJoas Schilling2022-10-041-2/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add description for public and immutableDaniel2022-09-031-2/+2
| | | | Co-authored-by: Carl Schwan <carl@carlschwan.eu> Signed-off-by: Daniel <mail@danielkesselberg.de>
* Update docblock for cacheForDaniel Kesselberg2022-09-031-2/+4
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #32485 from nextcloud/debt/noid/psalm-streamer-fhblizzz2022-05-311-1/+1
|\ | | | | [Psalm] Fix docblock for addFileFromStream
| * Fix type for resourceDaniel Kesselberg2022-05-241-1/+1
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Use JSON_THROW_ON_ERROR instead of custom error handlingJulius Härtl2022-05-301-7/+1
|/ | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Make appName of TemplateResponse accessible in BeforeTemplateRenderedEventJoas Schilling2022-05-201-0/+9
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix psalm warning for zip response due wrong typeDaniel Kesselberg2022-05-131-4/+4
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Add CSP policy merge priority for booleansVincent Petry2022-04-011-1/+1
| | | | | | When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Allow to set a strict-dynamic CSP through the APIJulius Härtl2022-03-092-0/+17
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Improve caching policyCarl Schwan2022-02-161-2/+2
| | | | | | | | | | | | | | * Cache css with version in url. This makes most js and css requests to be cached by the browser * Force caching previews, the etag is in the url so that if the propfind gives a new etag, we will refresh it otherwise it's no use to try to fetch the new etag and do tons of DB queries Tested with firefox and 'debug' => false (important so that the js/css urls are generated with ?v= parameter) Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* send request id in response headerRobin Appelman2022-02-011-0/+7
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrlDaniel Rudolf2021-08-041-1/+1
|\
| * Remove some mentions of ownCloud from our api documentationCarl Schwan2021-07-291-1/+1
| | | | | | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Add RedirectToDefaultAppResponse::__construct() annotationsDaniel Rudolf2021-07-011-0/+3
| | | | | | | | Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | Deprecate RedirectToDefaultAppResponseDaniel Rudolf2021-07-011-3/+2
| | | | | | | | Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | Remove \OC::$server->getURLGenerator() usageDaniel Rudolf2021-07-011-1/+4
| | | | | | | | Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | Add IUrlGenerator::linkToDefaultPageUrl()Daniel Rudolf2021-06-301-1/+2
|/ | | | | | Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* Merge pull request #27635 from nextcloud/fix/datetime-constantsPytal2021-06-231-2/+2
|\ | | | | Fix usage of DateTime constants
| * Move DateTime::RFC2822 to DateTimeInterface::2822Christoph Wurst2021-06-231-2/+2
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Add security.txtLukas Reschke2021-06-231-0/+62
|/ | | | | | Ref https://securitytxt.org Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #26494 from rigrig/fix-php8-deprecationsMorris Jobke2021-06-071-1/+1
|\ | | | | Fix some php 8 warnings
| * Fix a usort comparison function returning a boolean instead of an integerRichard de Boer2021-05-291-1/+1
| | | | | | | | | | | | PHP 8 shows deprecation warnings about this, see #25806 Signed-off-by: Richard de Boer <git@tubul.net>
* | Update php licensesJohn Molakvoæ (skjnldsv)2021-06-0430-68/+20
| | | | | | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | Escape filename in Content-DispositionLukas Reschke2021-06-021-6/+2
|/ | | | | | We should escape all occurences of ' and \ in here. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Make debugging easier which header is being setJoas Schilling2021-03-241-3/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Initialize \OCP\AppFramework\Http\ZipResponse::$resourcesChristoph Wurst2021-02-171-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headersChristoph Wurst2020-12-301-1/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update all license headers for Nextcloud 21Christoph Wurst2020-12-163-0/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Log an error when setting a custom header on "Not Modified" responsesJoas Schilling2020-12-151-0/+14
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update comment to reflect current CSP policyThomas Citharel2020-12-121-1/+1
| | | JS unsafe-eval was removed a long time ago in https://github.com/nextcloud/server/pull/11028
* Fix DataResponse typehintsRoeland Jago Douma2020-11-191-4/+4
| | | | | | | | | We use this already in several places where we just pass strings or numbers. This all works because we just convert it to a json response in the end. So better to have the typehints reflect this. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Set frame-ancestors to none if none are filledRoeland Jago Douma2020-11-181-0/+2
| | | | | | | | frame-ancestors doesn't fall back to default-src. So when we apply a very restricted CSP we should make sure to set it to 'none' and not leave it empty. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove deprecated OCSResponseRoeland Jago Douma2020-11-011-95/+0
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Format code to a single space around binary operatorsChristoph Wurst2020-10-056-10/+10
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add acutal response to BeforeTemplateRenderedEventJulius Härtl2020-09-241-1/+12
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #22432 from nextcloud/enh/phpdocRoeland Jago Douma2020-08-2617-17/+0
|\ | | | | Add php docs build script
| * Remove @package annotations from public namespaceJulius Härtl2020-08-2617-17/+0
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>