J0WI
1b074f48d8
Remove duplicated spaces
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI
3f2932c75a
Sort headers
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:50 +02:00
J0WI
76cbd7db6e
Add X-Frame-Options header to .htaccess
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-08-11 20:11:49 +02:00
Roeland Jago Douma
3b1e16458d
Forbid eval on legacy responses
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-04-09 09:58:23 +02:00
Peter Kraume
79b8703f29
Set Referrer-Policy also in addSecurityHeaders()
...
Fix : #12689
Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
2018-11-27 16:39:06 +01:00
Morris Jobke
b0a296e2e1
Do not use HTTP code OC_Response constants anymore
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-26 16:14:15 +02:00
Morris Jobke
79d9841bce
Replace hardcoded status headers with calls to http_response_code()
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-26 16:14:15 +02:00
Morris Jobke
53a899a1f5
Fix the HTTP 1.0 status code and properly detect 1.0 vs 1.1&2.0
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-13 09:22:26 +01:00
Morris Jobke
e758cfcdc8
Remove unused methods of OC_Response
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-12 18:42:30 +01:00
Morris Jobke
70b1f510f2
Use normal header() calls instead of private method calls
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-19 09:40:25 +01:00
Morris Jobke
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Lukas Reschke
dfd8125aeb
Replace wrong PHPDocs
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Joas Schilling
bd37021587
Fix casing of same origin frame option
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 12:37:32 +02:00
Morris Jobke
dbf6b7ff86
Merge pull request #4127 from nextcloud/update-legacy-csp-policy
...
Update legacy CSP policy
2017-03-28 17:47:32 -06:00
Lukas Reschke
3a90ab7e0a
Update legacy CSP policy
...
Aligns it with the one enforced by the AppFramework
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-28 23:55:31 +02:00
Lukas Reschke
bff6c8aafc
Move X-Frame-Options into PHP
...
The public calendar view should be embeddable and we can't do that if the .htaccess sets a global X-Frame-Options.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-26 17:26:11 +02:00
Lukas Reschke
fdcb8edd78
Add nonce also to legacy CSP
...
Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.
To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.
To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-26 09:41:18 +02:00
Sergio Bertolín
0417cbafd0
Changed request to not add a prefix to the url ( #26256 )
...
* Changed request to not add a prefix to the url
* Expecting forbidden instead of service unavailable
* Handling login exceptions
2016-10-20 17:21:08 +02:00
Joas Schilling
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Roeland Jago Douma
368be8894c
Move non PSR-4 files from lib/private root to legacy
...
As discussed we move all old style classes (OC_FOO_BAR) to legacy.
Then from there we can evaluate the need to convert them back or if they
can be fully deprecated/deleted.
2016-04-30 11:32:22 +02:00