Commit graph

19 commits

Author SHA1 Message Date
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Clark Tomlinson
8d09cc3b91 Merge pull request #13989 from owncloud/enhancment/security/11857
Allow AppFramework applications to specify a custom CSP header
2015-02-18 10:27:29 -05:00
Lukas Reschke
886bda5f81 Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though.

Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
2015-02-16 22:13:00 +01:00
Lukas Reschke
b20174bdad Allow AppFramework applications to specify a custom CSP header
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.

Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```

Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
2015-02-16 11:00:41 +01:00
Lukas Reschke
b3f881748d Allow any outgoing XHR connections
Quickfix for https://github.com/owncloud/core/issues/11064
2014-10-30 00:00:40 +01:00
Thomas Müller
51a6764f31 Merge branch 'master' into cleanup-list-code
Conflicts:
	apps/files_sharing/ajax/list.php
2014-05-19 20:52:25 +02:00
Morris Jobke
dc36d30953 Remove all occurences of @brief and @returns from PHPDoc
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
Robin McCorkell
87b548ed91 Fix all PHPDoc types and variable names, in /lib 2014-05-13 19:08:14 +01:00
Thomas Müller
3cd32dcb7c adding X-Robots-Tag to all responses of ownCloud + move addSecurityHeaders() to OC_Response, which seems to be a more reasonable place 2014-05-12 15:14:01 +02:00
Lukas Reschke
0b7d9e2668 Cleanup code a little bit
- Use OCP\Response constants instead of the HTTP error code
- Use checkAppEnabled() instead of OC_App::isEnabled with an if statement
- Remove uneeded variable $baseURL
- Rename $isvalid to $isValid
2014-05-04 15:51:08 +02:00
Lukas Reschke
e88731a477 Some more PHPDoc fixes 2014-04-21 15:44:54 +02:00
Vincent Petry
b619ff6076 Return 503 when a config/data dir error exists 2014-03-14 21:05:15 +01:00
Thomas Müller
9fac95c2ab Merge branch 'master' into scrutinizer_documentation_patches
Conflicts:
	lib/private/appconfig.php
2014-02-14 23:03:27 +01:00
Jörn Friedrich Dreyer
2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Martial Saunois
c2ed8d5aa1 New user agent added for the Freebox.
The Freebox is the multimedia device of a french Internet provider: Free. This device provides a seedbox which uses the user agent "Mozilla/5.0". In the "Content-Disposition" header, if the "filename" key is used with the "filename*=UTF-8''" value, the seedbox does not take care about the header and saves the file name with the origin URL. This patch brings the support for the Freebox users.
2014-01-26 18:46:09 +01:00
Vincent Petry
09bd5bd517 Added isUserAgent() method to request
- added isUserAgent() method to OC_Request which makes it possible to
  test it
- OC_Response::setContentDisposition now uses OC_Request::isUserAgent()
2013-12-19 18:40:22 +01:00
Vincent Petry
82bf1f9c8c Added workaround for Android content disposition
Fixes #5807
2013-12-10 12:42:41 +01:00
Vincent Petry
409b510889 Moved content disposition code+workarounds to OCP\Response
Added new OC\Response API called setContentDispositionHeader() that
contains the needed workarounds for UTF8 and IE.

Refactored download code to use the new API.

Removed unused trashbin download file.
2013-12-10 12:42:26 +01:00
Thomas Müller
9c9dc276b7 move the private namespace OC into lib/private - OCP will stay in lib/public
Conflicts:
	lib/private/vcategories.php
2013-09-30 16:36:59 +02:00
Renamed from lib/response.php (Browse further)