Commit graph

28 commits

Author SHA1 Message Date
Lukas Reschke
7dda86f371 Return proper status code in case of a CORS exception
When returning a 500 statuscode external applications may interpret this as an error instead of handling this more gracefully. This will now make return a 401 thus.

Fixes https://github.com/owncloud/core/issues/17742
2015-07-20 12:54:22 +02:00
Bernhard Posselt
c8e3599cad disallow cookie auth for cors requests
testing ...

fixes

fix test

add php doc

fix small mistake

add another phpdoc

remove not working cors annotations from files app
2015-05-22 14:06:26 +02:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Morris Jobke
06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Lukas Reschke
07f0d76fc6 Move CSRF check
Because we're closing the session now before controllers are executed there are cases where we cannot write the session.
2014-11-17 15:10:53 +01:00
Lukas Reschke
cd5925036a Check if app is enabled for user
Fixes https://github.com/owncloud/core/issues/12188 for AppFramework apps
2014-11-15 11:13:55 +01:00
Lukas Reschke
d060180140 Use function outside of loop
Otherwise the function is executed n times which is a lot of overhead
2014-10-24 12:27:53 +02:00
Thomas Müller
02c5933af8 introduce SessionMiddleWare to control session handling via an annotation 2014-10-22 12:44:19 +02:00
Morris Jobke
b6a4cc20f7 Redirect after session expiry to the previous loaded page
* fixes #6945
2014-07-01 16:54:52 +02:00
Bernhard Posselt
5e9ea2b365 fix 8757, get rid of service locator antipattern 2014-05-28 02:15:16 +02:00
Bernhard Posselt
63f2f16b85 use new controllermethodreflector for corsmiddleware 2014-05-11 17:55:59 +02:00
Bernhard Posselt
1d45239c65 adjust license headers to new mail address 2014-05-11 17:54:08 +02:00
Bernhard Posselt
c590244fa1 add private property for reflector in security middleware 2014-05-11 17:54:08 +02:00
Bernhard Posselt
80648da431 implement most of the basic stuff that was suggested in #8290 2014-05-11 17:54:08 +02:00
Bernhard Posselt
e05192a23d Fix method signature 2014-05-11 14:03:58 +02:00
Bernhard Posselt
9a4d204b55 add cors middleware
remove methodannotationreader namespace

fix namespace for server container

fix tests

fail if with cors credentials header is set to true, implement a reusable preflighted cors method in the controller baseclass, make corsmiddleware private and register it for every request

remove uneeded  local in cors middleware registratio

dont uppercase cors to easily use it from routes

fix indention

comment fixes

explicitely set allow credentials header to false

dont depend on better controllers PR, fix that stuff later

split cors methods to be in a seperate controller for exposing apis

remove protected definitions from apicontroller since controller has it
2014-05-09 23:34:41 +02:00
Bernhard Posselt
7e447f4f42 make download and redirectresponse public 2014-04-20 16:12:46 +02:00
Morris Jobke
b76a3993d4 fix master - #7274 brokes it 2014-02-20 09:47:59 +01:00
Scrutinizer Auto-Fixer
adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00
Jörn Friedrich Dreyer
2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Thomas Tanghus
ad017285e1 Fix namespace for OCP\Appframework\Http
To avoid having to use OCP\Appframework\Http\Http in the public - and stable
- API OCP\Appframework\Http is now both a class and a namespace.
2013-10-23 05:57:34 +02:00
Thomas Tanghus
d75d80ba13 OCP\AppFramework\Controller\Controller => OCP\AppFramework\Controller 2013-10-11 10:07:57 +02:00
Thomas Müller
54e77e0e66 fixing typo 2013-10-07 00:40:37 +02:00
Thomas Müller
e071bfc144 fixing SecurityMiddleware to use OC6 API 2013-10-07 00:33:54 +02:00
Thomas Tanghus
47b2007228 Remove misleading IMiddleware interface 2013-10-05 19:13:12 +02:00
Thomas Tanghus
c85621a897 Make abstract Middleware class public
It doesn't make sense for subclasses to have to implement
all methods.
2013-10-05 16:59:06 +02:00
Thomas Müller
9c9dc276b7 move the private namespace OC into lib/private - OCP will stay in lib/public
Conflicts:
	lib/private/vcategories.php
2013-09-30 16:36:59 +02:00