path: root/lib/public/AppFramework/Http
Commit message (Author, Age, Files, Lines)
* set default CSP on NotFoundResponse (Roeland Jago Douma, 2019-09-10, 1, -0/+1)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add deprecation warning (Roeland Jago Douma, 2019-08-29, 1, -0/+1)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Do not enforce the parent constructor of response to be called (Roeland Jago Douma, 2019-08-19, 1, -10/+8)
|   If there is no policy set we just take the default empty ones. That way
|   no obscure errors get thrown if the constructor is not called.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* frame-src doesn't respect the nonce attribute (Roeland Jago Douma, 2019-08-16, 1, -3/+0)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add feature policy header (Roeland Jago Douma, 2019-08-10, 4, -0/+266)
|   This adds the events and the classes to modify the feature policy.
|   It also adds a default restricted feature policy.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add form-action CSP element (Roeland Jago Douma, 2019-07-31, 2, -0/+35)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* No need to have these classes we tighten the default CSP from time to (Roeland Jago Douma, 2019-07-27, 3, -0/+3)
|   time
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Set empty CSP by default (Roeland Jago Douma, 2019-04-16, 12, -1/+34)
|   For #14179
|   By default responses should have the strictest (and simplest) CSP
|   possible. Only template responses should require an actual CSP.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* CSP: set nonce for iframes (Roeland Jago Douma, 2019-03-16, 1, -1/+5)
|   This for now uses the jsNonce. That way we can easily backport it.
|   For 17 I will fix it properly.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow apps to redirect to the default app (Joas Schilling, 2019-03-01, 1, -0/+40)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add StandaloneTemplateResponse (Roeland Jago Douma, 2019-02-06, 1, -0/+37)
|   This can be used by pages that do not have the full Nextcloud UI.
|   So notifications etc do not load there.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Emit to load additionalscripts (Roeland Jago Douma, 2019-01-31, 1, -0/+3)
|   Fixes #13662
|   This will fire off an event after a Template Response has been returned.
|   There is an event for the generic loading and one when logged in. So
|   apps can choose to load only on logged in pages.
|   This is a more generic approach than the files app event. As some things
|   we might want to load on other pages as well besides the files app.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Set default frame-ancestors to 'self' (Roeland Jago Douma, 2019-01-08, 1, -1/+3)
|   For #13042
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* CSP: Allow fonts to be provided in data (Roeland Jago Douma, 2019-01-07, 1, -0/+1)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Basic CSP no longer deprecated (Roeland Jago Douma, 2018-11-08, 1, -1/+0)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add report-uri to CSP (Roeland Jago Douma, 2018-10-21, 2, -0/+23)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Disallow unsafe-eval by default (Roeland Jago Douma, 2018-10-14, 1, -6/+2)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add PHPDoc (Morris Jobke, 2018-10-02, 1, -4/+14)
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* fixup! Add fix response (Roeland Jago Douma, 2018-10-02, 1, -1/+1)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fixup! Add fix response (Roeland Jago Douma, 2018-10-02, 1, -3/+5)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add fix response (Jakob Sack, 2018-10-02, 1, -0/+75)
|   implements #7589
* Deprecate the childSrc functions (Roeland Jago Douma, 2018-09-04, 1, -0/+2)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add workerSrc to CSP (Roeland Jago Douma, 2018-09-04, 2, -0/+34)
|   Fixes #11035
|   Since the child-src directive is deprecated (we should kill it at some
|   point) we need to have the proper worker-src available
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Disallow eval on the StrictEvalCSP (Roeland Jago Douma, 2018-07-11, 1, -1/+1)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add stricter CSPs (Roeland Jago Douma, 2018-06-13, 4, -2/+192)
|   * Deprecate our default CSP
|   * Add strict CSP that is always our strictest setting
|   * Add strict eval CSP (disable unsafe-eval)
|   * Add strict inline CSP (disables inline styles)
|   This is just to move forward and have an incremental improvement of our CSP
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move caching logic to response (Roeland Jago Douma, 2018-06-04, 1, -2/+14)
|   This avoids having to do it at all the places we want cached responses.
|   We can't inject the ITimeFactor without breaking public API. However we
|   can perfectly overwrite the service (resulting in the same testable effect).
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add since tags (Julius Härtl, 2018-04-05, 2, -1/+18)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Move external share saving to template (Julius Härtl, 2018-04-05, 1, -7/+3)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add footer to public page template (Julius Härtl, 2018-04-05, 1, -0/+15)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Move common menu templates to public API (Julius Härtl, 2018-04-05, 2, -0/+130)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Remove setters (Julius Härtl, 2018-02-27, 1, -48/+0)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Rework array handling to avoid phan error (Julius Härtl, 2018-02-27, 1, -27/+12)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add id to list element (Julius Härtl, 2018-02-27, 1, -2/+2)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Sort menu by priority (Julius Härtl, 2018-02-27, 1, -0/+3)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add missing phpdoc for public API (Julius Härtl, 2018-02-27, 2, -1/+65)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add phpdoc, typehints and sanitize HTML (Julius Härtl, 2018-02-27, 1, -5/+69)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add menu item abstraction (Julius Härtl, 2018-02-27, 3, -0/+265)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Pass template parameters to parent template (Julius Härtl, 2018-02-27, 1, -1/+1)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Make sure that render always returns a string (Roeland Jago Douma, 2018-02-21, 1, -2/+2)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Change @georgehrke's email (Morris Jobke, 2017-11-06, 1, -1/+1)
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update license headers (Morris Jobke, 2017-11-06, 8, -0/+12)
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Doc: Fix phpDoc issues (Julius Härtl, 2017-10-23, 1, -1/+1)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* OC_OCS_Response is deprecated (Roeland Jago Douma, 2017-09-21, 1, -1/+1)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fix typo and set @since properly (Thomas Citharel, 2017-09-15, 2, -6/+6)
|   Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* Add CSP frame-ancestors support (Thomas Citharel, 2017-09-15, 2, -0/+34)
|   Didn't set the @since annotation yet.
|   Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call (Morris Jobke, 2017-08-01, 1, -1/+15)
|\
| |   Add metadata to \OCP\AppFramework\Http\Response::throttle
| * Add metadata to \OCP\AppFramework\Http\Response::throttle (Lukas Reschke, 2017-07-27, 1, -1/+15)
| |   Fixes https://github.com/nextcloud/server/issues/5891
| |   Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Replace wrong PHPDocs (Lukas Reschke, 2017-08-01, 2, -1/+2)
|/
|   Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Some phpstorm inspection fixes (Roeland Jago Douma, 2017-07-22, 2, -2/+2)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove unused use statements (Morris Jobke, 2017-04-22, 3, -4/+0)
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>