nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

	Commit message (Collapse)	Author	Age	Files	Lines
*	Only trust the X-FORWARDED-HOST header for trusted proxies	Roeland Jago Douma	2018-12-19	1	-53/+90
\| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
*	Adding handling of CIDR notation to trusted_proxies for IPv4	Oliver Wegner	2018-10-30	1	-0/+115
\| \| \| \|	Signed-off-by: Oliver Wegner <void1976@gmail.com>
*	Remove testcase	Roeland Jago Douma	2018-03-05	1	-1/+0
\| \| \| \| \| \| \|	Since a token now always requires a string we don't need to test for null Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
*	Fix proper types	Roeland Jago Douma	2018-02-22	1	-1/+1
\| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
*	allow 'Nextcloud' in the user agent string of Android	Bjoern Schiessle	2017-12-12	1	-0/+14
\| \| \| \|	Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
*	Use ::class in test mocks	Morris Jobke	2017-10-24	1	-1/+1
\| \| \| \|	Signed-off-by: Morris Jobke <hey@morrisjobke.de>
*	Handle SameSiteCookie check for index.php in AppFramework Middleware	Roeland Jago Douma	2017-09-24	1	-2/+12
\| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
*	Don't try to parse empty body if there is no body	Roeland Jago Douma	2017-04-04	1	-1/+4
\| \| \| \| \| \| \| \| \| \| \| \|	Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
*	add test for skipping cookie checks for ocs	Robin Appelman	2017-03-10	1	-0/+25
\| \| \| \|	Signed-off-by: Robin Appelman <robin@icewind.nl>
*	oc_token should be nc_token	Christoph Wurst	2017-02-02	1	-1/+1
\| \| \| \|	Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
*	Harden cookies more appropriate	Lukas Reschke	2016-11-23	1	-0/+70
\| \| \| \| \| \| \| \| \| \|	This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening. See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications. Fixes https://github.com/nextcloud/server/issues/1412 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
*	Identify Chromium as Chrome	Joas Schilling	2016-10-26	1	-0/+14
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	Merge pull request #797 from nextcloud/only-match-for-auth-cookie	Joas Schilling	2016-08-31	1	-1/+77
\|\ \| \| \| \|	Match only for actual session cookie
\| *	Match only for actual session cookie	Lukas Reschke	2016-08-09	1	-1/+77
\| \| \| \| \| \| \| \|	OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
* \|	Remove reading PATH_INFO from server variable	Lukas Reschke	2016-08-19	1	-16/+0
\|/ \| \| \| \| \|	Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used. Fixes https://github.com/nextcloud/server/issues/983
*	[master] Port Same-Site Cookies to master	Lukas Reschke	2016-07-20	1	-28/+279
\| \| \| \|	Fixes https://github.com/nextcloud/server/issues/50
*	Move tests/ to PSR-4 (#24731)	Joas Schilling	2016-05-20	1	-0/+1453
	* Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader