path: root/tests/lib/AppFramework/Http
Commit message (Author, Age, Files, Lines)
* fix(phpunit): Remove some more withConsecutive calls [techdebt/noid/prepare-phpunit10] (Joas Schilling, 2025-03-31, 2 files, -107/+75)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix: Change UserAgent to *cloud [fix/noid/thudnerbird-addon-useragent] (Johannes Endres, 2025-02-19, 1 file, -1/+1)
| | | | | Co-authored-by: Daniel Kesselberg <mail@danielkesselberg.de> Signed-off-by: Johannes Endres <je@johannes-endres.de>
* fix(controller): Fix false booleans in multipart/form-data (Joas Schilling, 2024-11-28, 1 file, -3/+38)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore(deps): Update nextcloud/coding-standard to v1.3.1 (provokateurin, 2024-09-19, 1 file, -1/+1)
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor: Add void return type to PHPUnit test methods (Christoph Wurst, 2024-09-15, 17 files, -291/+291)
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* refactor(IMenuAction): Make public menu actions use the new Vue UI (Ferdinand Thiessen, 2024-09-03, 1 file, -2/+0)
| | | | | | | | This removes custom rendering code and replaces it with the declarative menu actions. Also adjust the template to allow the Vue UI to mount. Custom entries still are possible. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* style: update codestyle for coding-standard 1.2.3 (Daniel Kesselberg, 2024-08-25, 3 files, -11/+11)
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* test: Adjust tests for CSP nonce (Ferdinand Thiessen, 2024-08-13, 2 files, -240/+245)
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks (provokateurin, 2024-07-25, 1 file, -0/+20)
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore: Add SPDX header (Andy Scherzinger, 2024-05-13, 19 files, -278/+52)
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* test(request): Add tests to strip the port when forwarding requests (Joas Schilling, 2024-02-13, 1 file, -288/+119)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* test(unit): fix RequestTest (Arthur Schiwon, 2024-01-27, 1 file, -3/+4)
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix(API): Use a distinct exception so apps can react to it and customize the ↵ (Joas Schilling, 2023-11-28, 1 file, -1/+2)
| | | | | | return Signed-off-by: Joas Schilling <coding@schilljs.com>
* enh(dispatcher): enforce psalm ranges in the http dispatcher (Arthur Schiwon, 2023-11-24, 1 file, -0/+47)
| | | | | | - allows devs to provide int ranges for API arguments Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* chore: apply changes from Nextcloud coding standards 1.1.1 (Joas Schilling, 2023-11-23, 1 file, -1/+1)
| | | | | Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* fix(CSP): Only add `strict-dynamic` when using nonces (Ferdinand Thiessen, 2023-11-17, 2 files, -59/+59)
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on ↵ (Ferdinand Thiessen, 2023-11-17, 1 file, -76/+73)
| | | | | | `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on ↵ (Ferdinand Thiessen, 2023-11-17, 2 files, -0/+73)
| | | | | | | | | `script-src-elem` only This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keeping the default rules for `script-src`. The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Reverse X-Forwarded-For list to read the correct proxy remote address (Joas Schilling, 2023-11-16, 1 file, -6/+32)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Stop sending deprecated Pragma header (Git'Fellow, 2023-08-28, 1 file, -2/+0)
| | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* Allow "wasm-unsafe-eval" in CSP (Daniel Calviño Sánchez, 2023-08-10, 2 files, -0/+14)
| | | | | | | | | | | | | | | | | | If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive contains neither `wasm-unsafe-eval` nor `unsafe-eval` loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread). Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval` this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make it possible to allow WebAssembly execution without allowing JavaScript `eval` this commit adds support for allowing `wasm-unsafe-eval`. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* feat(request): Allow to match the client version with the ↵ (Joas Schilling, 2023-07-11, 1 file, -0/+57)
| | | | | | IRequest::USER_AGENT_* regex Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add template types to responses (jld3103, 2023-06-30, 1 file, -1/+4)
| | | | Signed-off-by: jld3103 <jld3103yt@gmail.com>
* chore(appframework)!: Drop ↵ (Christoph Wurst, 2023-06-12, 3 files, -37/+3)
| | | | | | \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Adapt tests to config value typing (Côme Chilliet, 2023-04-05, 1 file, -6/+6)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Change X-Robots-Tag header from "none" to "noindex, nofollow" (MichaIng, 2023-02-15, 2 files, -2/+2)
| | | | | | | | | | While "none" is indeed equivalent to "noindex, nofollow" for Google, it seems not to be supported by Bing and probably other search engines. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240 Signed-off-by: MichaIng <micha@dietpi.com>
* composer run cs:fix (Côme Chilliet, 2023-01-20, 10 files, -10/+0)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(app framework)!: Inject services into controller methods (Christoph Wurst, 2023-01-18, 1 file, -10/+19)
| | | | | | | | | | | | | | | Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is built regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge branch 'master' into add-scim-json-support (Stanimir Bozhilov, 2022-12-19, 3 files, -21/+41)
|\ | | | | Signed-off-by: Stanimir Bozhilov <stanimir.bozhilov.1998@gmail.com>
| * Merge pull request #35780 from ↵ (Vincent Petry, 2022-12-16, 1 file, -7/+14)
| |\ | | | | | | | | | | | | nextcloud/fix/http-dispatcher-double-parameter-cast Fix missing cast of double controller parameters
| | * fix(app framework): Fix missing cast of double controller parameters (Christoph Wurst, 2022-12-15, 1 file, -7/+14)
| | | | | | | | | | | | | | | | | | ``settype`` allows 'double' as alias of 'float'. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * | check if params given to API are really an array (Artur Neumann, 2022-12-15, 1 file, -2/+13)
| |/ | | | | | | Signed-off-by: Artur Neumann <artur@jankaritech.com>
| * Fix some more problems with tests under PHP 8.2 (Côme Chilliet, 2022-11-15, 1 file, -12/+14)
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | Fix the JSON content type regex to match all MIME types (Stanimir Bozhilov, 2022-09-26, 1 file, -0/+91)
| | | | | | | | Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
* | Add unit tests for application/scim+json content type (Stanimir Bozhilov, 2022-09-20, 1 file, -0/+92)
|/ | | | Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
* Support specifying IPv6 proxies in CIDR notation (Simon Leiner, 2022-08-02, 1 file, -0/+77)
| | | | | | | | | | Previously, it was not possible to use CIDR notation for IPv6 proxies in the trusted_proxies parameter of config.php [1]. This patch adds support for that. [1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies Signed-off-by: Simon Leiner <simon@leiner.me>
* Fix PHP 8.2 warnings about undeclared properties (Côme Chilliet, 2022-06-21, 1 file, -0/+2)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Remove at matcher uses in tests/lib (Côme Chilliet, 2022-06-16, 1 file, -98/+79)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Use JSON_THROW_ON_ERROR instead of custom error handling (Julius Härtl, 2022-05-30, 1 file, -3/+3)
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #31235 from nextcloud/techdebt/noid/extract-request-id (Joas Schilling, 2022-03-22, 3 files, -165/+171)
|\ | | | | Extract request id handling to dedicated class so it can be injected without DB dependency
| * Adjust and add unit tests (Joas Schilling, 2022-02-23, 3 files, -165/+171)
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Allow to set a strict-dynamic CSP through the API (Julius Härtl, 2022-03-09, 1 file, -0/+17)
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Fix tests (Julius Härtl, 2022-02-28, 1 file, -7/+20)
|/ | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* send request id in response header (Robin Appelman, 2022-02-01, 2 files, -1/+3)
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Check style update (Carl Schwan, 2022-01-13, 1 file, -8/+8)
| | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Fix DateTime constructor calls with null (Côme Chilliet, 2021-11-23, 2 files, -4/+4)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Escape filename in Content-Disposition (Lukas Reschke, 2021-06-02, 1 file, -11/+25)
| | | | | | We should escape all occurrences of ' and \ in here. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Set frame-ancestors to none if none are filled (Roeland Jago Douma, 2020-11-18, 3 files, -59/+59)
| | | | | | | | frame-ancestors doesn't fall back to default-src. So when we apply a very restricted CSP we should make sure to set it to 'none' and not leave it empty. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove deprecated OCSResponse (Roeland Jago Douma, 2020-11-01, 1 file, -64/+0)
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Format code to a single space around binary operators (Christoph Wurst, 2020-10-05, 1 file, -5/+5)
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>