CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.
At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)
IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.
Implementing this offers the following advantages:
1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.
If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This prevents cryptic messages such as the following, from `user_ldap`:
Could not set avatar for uid=user,ou=People,dc=example,dc=net, because:
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
Add message to NotPermittedException thrown from Files\Nodes\Folder
Ditto.
Don't use translation macros here as this seems to be pretty low-level
errors that generally get caught and prettified, and I don't want to
unduly clog down the lower layers.
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
fixup! Add message to NotPermittedException thrown from Files\Nodes\Folder
When unsharing from self in a group share situation, the share items
passed to the post_unshareFromSelf hook were using the wrong format in
which the attribute names (ex: "share_type") have non camel-case format.
This fix makes sure that in group sharing case we use the correct
format. It looks like the code was already producing it but in
array_merge it was not using it and adding the unprocessed one.
* notifications can be cleaned up, no polluted DB
* updating comments will re-notify users or remove notifications, depending on the message
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Use DI to load console commands from the apps - class name to be defined in the info.xml
* Load commands from info.xml
* Fix unit test
* Allow Di magic for IMountManager
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
We always query the database backend. Even if we use a different one
(ldap for example). Now we do this everytime we try to get a user object
so caching that a user is not in the DB safes some queries on each
request then (at least 2 what I found).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Don't parse info.xml but reuse already cached app infos - fixes#25603
* Use === in InfoParser. Fixes test
* InfoParser should not depend on UrlGenerator - fixes issue with session being closed too early
(WIP) notify user when mentioned in comments
Fix doc, and create absolute URL for as notification link.
PSR-4 compatibility changes
also move notification creation to comments app
Do not notify yourself
unit test for controller and application
smaller fixes
- translatable app name
- remove doubles in mention array
- micro perf optimization
- display name: special label for deleted users, keep user id for users that could not be fetched from userManager
Comment Notification-Listener Unit Test
fix email adresses
remove notification when triggering comment was deleted
add and adjust tests
add missing @license tags
simplify NotificationsController registration
appinfo simplification, php docs
make string easier to translate
adjust test
replace dispatcher-based listeners with a registration method and interface
safer to not pass optional data parameter to setSubject for marking as processed. ID and mention suffices
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
update comment
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Otherwise `null` is returned which leads to a ton of similar error messages if the log condition setting is enabled.:
```
{"reqId":"3wVBarnDfOV3qkI1bVCU","remoteAddr":"89.98.78.41","app":"PHP","message":"hash_equals(): Expected user_string to be a string, null given at \/var\/www\/html\/lib\/private\/Log.php#275","level":3,"time":"2016-10-07T14:22:15+00:00","method":"PROPFIND","url":"\/remote.php\/webdav\/","user":"icewind"}
```
When resolving a group share to the user group share we used to do this
on a per share basis. Now we try to do this for all group shares at
once. Of course still chunked.
Before: N incomming group shares this would mean 1 + N queries
Now: N incomming roups shares this would mean 1 + 1 queries
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The DefaultShareProvider now does a DB-level check to find out whether
file_source is accessible at all (deleted file) or whether it's in the
trashbin of a home storage.
One small corner case where the home storage id is in md5 form cannot
be covered properly with this approach.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Introduce simpleFS
* Introduce IAppData
* Introduce AppData Factory to get your AppData folder
* Update FileDisplayResponse
* AppData implements a ISimpleRoot but lazy. So only if an apps starts
to access data will stuff get initialized
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* before you could request an avatar for User instead of user
which sets up the filesystem for that user twice causing
the sharing codes collision detection to detect a lot of
collisions
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
