Commit graph

108 commits

Author SHA1 Message Date
Jan-Christoph Borchardt
9a75714c22
rename confusing getMailHeaderColor to getColorPrimary, ref #3491
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-29 18:23:23 +02:00
Roeland Jago Douma
1ae56b054b
Moving the inline js before the CSS
This allows browsers to do smarted parallel downloads

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-28 22:02:22 +02:00
Jan-Christoph Borchardt
ea517b489f use theming colors for favicon on macOS
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-27 15:45:56 +02:00
Roeland Jago Douma
6dbe417c51
Inlince oc.js if possible!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:18 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Hendrik Leppelsack
c47833718f remove svg classes 2016-07-01 16:36:37 +02:00
Hendrik Leppelsack
e5d8726859 remove ie8+9 support 2016-06-23 12:34:53 +02:00
C. Montero Luque
0393e80c7c Merge pull request #16857 from owncloud/printStylesheets
Support for print stylesheets
2016-03-31 22:13:44 +02:00
Daniel Aleksandersen
7a45f05ed5 Stupid clients only literally understand rel="icon"
rel="shortcut icon" hasn’t been relevant in years, isn’t in any
standards, and causes problems for simple pattern matching clients.
https://www.w3.org/TR/html/links.html#linkTypes
2016-03-08 21:09:34 +01:00
Hendrik Leppelsack
99b9ec41c1 support print stylesheets 2016-01-13 15:12:11 +01:00
Thomas Müller
2e8d8bf4ef Merge pull request #20236 from maprambo/safari-pinned-tab-icon
added Safari tabbed pin icon
2015-11-09 11:12:38 +01:00
maprambo
edb1fee610 Added Safari tabbed pin icon
Added the necessary code and a black and inverted version of the favicon/ touch icon in svg format
2015-11-04 19:31:17 +01:00
Morris Jobke
069ed71dbe Add favicon for IE 8+ 2015-11-03 14:24:20 +01:00
Lukas Reschke
436c149fbb Prevent referer from being sent
Nice hardening for enhanced privacy. Especially useful when using embedded viewers such as files_pdfviewer.
2015-09-09 18:07:43 +02:00
Jan-Christoph Borchardt
0b27bcba76 add theme-color for better Android browser integration 2015-07-29 18:16:01 +02:00
Volker E
599ee5ce4e fixing #15023, getting comments out of HTML output 2015-03-21 07:10:46 +01:00
Volker E
0d0c73cf2b fixing #15011 by adding ARIA roles where distinct 2015-03-18 19:29:15 +01:00
Volker E
790324b313 addressing #14984 removing redundant type attributes 2015-03-18 05:33:17 +01:00
Volker E
4c46d0c46c addressing #14983 obsolete Google Chrome Frame 2015-03-18 02:11:47 +01:00
Volker E
6ad76b5cc2 addressing #14982 self-closing tags ending slash doesn't have a purpose & should be removed 2015-03-17 23:57:23 +01:00
Volker E
25b77159c4 adressing #14979 meta charset declaration should be first in head 2015-03-17 23:36:05 +01:00
Volker E
f3cd552797 addressing #14978 - remove html root classes targeting IE6/IE7 2015-03-17 22:35:20 +01:00
Joas Schilling
4172ba48d4 Deduplicate template code and do not translate the links 2015-02-09 16:01:52 +01:00
Lukas Reschke
b432ea29c9 Add rel="noreferrer" where possible and switch to HTTPS
Just to follow good practise and prevent some automated scanners to complain about "Cross-domain Referer leakage".
2015-02-04 16:25:37 +01:00
Jan-Christoph Borchardt
ea548cdaaa fix accessibility of logos 2014-12-18 10:51:41 +01:00
Jan-Christoph Borchardt
45c6ec8582 introduce h1, use either ownCloud name or current app name 2014-11-06 13:26:38 +01:00
Lukas Reschke
510d0b2cf3 Fix the "addHeader($tag, $attributes, $text)" methods to not ignore the $text parameter
Also support closing tags with no text content given

Conflicts:
	lib/private/template.php
2014-10-28 11:15:58 +01:00
Clark Tomlinson
ca5abe5744 Setting moment locale based on user selection 2014-10-23 10:32:47 -04:00
Morris Jobke
06eb3b62c6 Merge pull request #10109 from owncloud/issue_#9793_guestlayout
Step one, open guest layout for different styles.
2014-09-15 15:15:41 +02:00
Lukas Reschke
7d2c521b46 Step one, open guest layout for different styles.
Conflicts:
	core/templates/layout.guest.php

Step one, open guest layout for different styles.
2014-09-11 11:41:02 +02:00
Lukas Reschke
bce5c2dae9 Add X-UA-Compatible to all templates
Replaces https://github.com/owncloud/core/pull/10850
2014-09-11 10:28:52 +02:00
Jan-Christoph Borchardt
71e10b66d9 Merge pull request #10944 from owncloud/fix-nojavascript-style
fix no-JS message, and add it to log in and shared as well cause they don’t work without JS
2014-09-08 21:58:54 +02:00
Jan-Christoph Borchardt
bd56619e7a also add no-JavaScript notice to log in and sharing pages because they do not work without JS either 2014-09-08 18:07:20 +02:00
Pascal de Bruijn
73f50287ff templates: use p() for getiTunesAppId 2014-08-28 10:12:59 +02:00
Pascal de Bruijn
49da0a7943 defaults: add customizable defaultiTunesAppId 2014-08-27 14:07:39 +02:00
Clark Tomlinson
e0a8321b23 Adding type to favicon 2014-08-22 16:26:39 -04:00
Thomas Müller
cbe3595f64 using flush() here is pointless as we render the layout into a memory buffer and actually transmit the data later 2014-08-08 15:44:11 +02:00
Morris Jobke
cea7d4961e move to updated version of placeholder 2014-06-03 16:18:06 +02:00
Jan-Christoph Borchardt
60efa0f1c8 Merge pull request #8140 from owncloud/login-valign
Vertically align public layout to better fit small mobile screens
2014-05-15 15:06:52 +02:00
Thomas Müller
30168169b9 Flush the Buffer Early - right after head 2014-04-15 16:56:45 +02:00
jbtbnl
b10bf72999 Vertically align public layout to better fit small mobile screens 2014-04-10 00:33:55 +02:00
Jan-Christoph Borchardt
d2de6e7a66 fix SVG replacement for logo so it works in IE8, fix #7866 2014-03-27 14:31:24 +01:00
Jörn Friedrich Dreyer
3f6d14be85 Merge branch 'core-css-logos' of github.com:Jakobud/owncloud-core
Conflicts:
	core/css/styles.css
2014-02-20 14:29:23 +01:00
Jan-Christoph Borchardt
3e803b5e36 restrict zooming on mobile devices for the publicly accessible, optimized pages 2014-01-17 14:41:05 +01:00
Vincent Petry
f8c865993f Fixed viewport layout using commas instead of semicolons
Fixes #5285
2013-10-11 12:52:34 +02:00
Jake Wilson
5144def99b Moved Core Theme Logos to CSS
In order to make it easier for a user/developer to replace logos in the core theme, I removed the hardcoded `logo.svg` and `logo-wide.svg` from the html, and replaced them with `div`s that use css background-image instead.

This has multiple advantages:
1. The user can now use any filename they want for the logo.  They are no longer forced to use logo.svg or logo-wide.svg.
2. The user can now easily use a JPG, PNG or GIF logo instead of SVG (SVG's are awesome, but used by an unfortunately small percentage of web developers at the current time.  Most probably don't even know how to make an SVG…).
3. The user doesn't have to resort to hacking the core theme template files in order to use a different filename or file type.
4. Greatly simplifies documentation instructions for how to change the logos (http://owncloud.org/theming/).

Signed-off-by: Jake Wilson <jakew@huebnerpetersen.com>
2013-10-10 12:29:13 -06:00
Jan-Christoph Borchardt
94ae66c651 fix web interface showing very small when accessed on smartphone 2013-10-06 22:50:11 +03:00
Jan-Christoph Borchardt
9b1866f1ac merge master 2013-07-24 16:31:01 +02:00
Björn Schießle
75fd6d4fde initialize OC_Defaults in template constructorX 2013-07-24 11:51:21 +02:00