Commit graph

22 commits

Author SHA1 Message Date
Lukas Reschke
b20174bdad Allow AppFramework applications to specify a custom CSP header
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.

Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```

Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
2015-02-16 11:00:41 +01:00
Bernhard Posselt
fdc64e370c add a controller and reponse for ocs 2015-02-05 14:02:17 +01:00
Georg Ehrke
f579f2bd94 add Download logfile button to admin settings
add logSettingsController

add download logfile button

move getEntries to LogSettingsController

move set log level to logsettingscontroller.php

add warning if logfile is bigger than 100MB

add unit test for set log level

fix typecasting, add new line at EoF

show log and logfile download only if log_type is set to owncloud

add unit test for getFilenameForDownload
2015-01-07 14:55:53 +01:00
Lukas Reschke
048139074d Add functions to modify cookies to response class
Currently there is no AppFramework way to modify cookies, which makes it unusable for quite some use-cases or results in untestable code.

This PR adds some basic functionalities to add and invalidate cookies.

Usage:
```php
$response = new TemplateResponse(...);
$response->addCookie('foo', 'bar');
$response->invalidateCookie('foo');
$response->addCookie('bar', 'foo', new \DateTime('2015-01-01 00:00'));
```

Existing cookies can be accessed with the AppFramework using `$this->request->getCookie($name)`.
2014-11-27 14:19:00 +01:00
Bernhard Posselt
91a23bfa9c fix typo in content type 2014-11-05 12:04:56 +01:00
Bernhard Posselt
0696099bad add dataresponse
fix docstrings

adjust copyright date

another copyright date update

another header update

implement third headers argument, fix indention, fix docstrings

fix docstrings
2014-10-29 09:43:47 +01:00
Morris Jobke
889088f72d Fix template rendering for 'blank' templates 2014-07-29 16:49:50 +02:00
Bernhard Posselt
587a8df566 remove controller serializers 2014-06-05 18:00:36 +02:00
Bernhard Posselt
1d45239c65 adjust license headers to new mail address 2014-05-11 17:54:08 +02:00
Bernhard Posselt
80648da431 implement most of the basic stuff that was suggested in #8290 2014-05-11 17:54:08 +02:00
Bernhard Posselt
9a4d204b55 add cors middleware
remove methodannotationreader namespace

fix namespace for server container

fix tests

fail if with cors credentials header is set to true, implement a reusable preflighted cors method in the controller baseclass, make corsmiddleware private and register it for every request

remove uneeded  local in cors middleware registratio

dont uppercase cors to easily use it from routes

fix indention

comment fixes

explicitely set allow credentials header to false

dont depend on better controllers PR, fix that stuff later

split cors methods to be in a seperate controller for exposing apis

remove protected definitions from apicontroller since controller has it
2014-05-09 23:34:41 +02:00
Bernhard Posselt
7e447f4f42 make download and redirectresponse public 2014-04-20 16:12:46 +02:00
Lukas Reschke
b04d95b116 Remove uneeded usages of nosniff 2014-04-13 12:48:16 +02:00
Thomas Tanghus
a1aacc18df Add @return PHPDocs 2014-03-10 09:31:30 +01:00
Thomas Tanghus
8f6ea900f2 Chainable Response in AppFramework 2014-03-09 23:01:16 +01:00
Jörn Friedrich Dreyer
2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Morris Jobke
bc8cc9142e AppFramework(Controller|HTTP|HTTP-Responses|Middleware), IContainer API fixes 2013-11-25 16:28:24 +01:00
Morris Jobke
ef592981ea unify license headers for public API files 2013-11-03 13:51:39 +01:00
Thomas Tanghus
ad017285e1 Fix namespace for OCP\Appframework\Http
To avoid having to use OCP\Appframework\Http\Http in the public - and stable
- API OCP\Appframework\Http is now both a class and a namespace.
2013-10-23 05:57:34 +02:00
Morris Jobke
30f4d91d01 Public API documentation fixes
refs #4883

 * http/response.php
 * config.php
 * response.php
 * files.php
 * idbconnection.php
 * app.php
 * user.php
 * template.php
 * share.php
 * db.php
 * icache.php & il10n.php
2013-10-17 00:49:15 +02:00
Thomas Müller
e071bfc144 fixing SecurityMiddleware to use OC6 API 2013-10-07 00:33:54 +02:00
Thomas Müller
911bd3c16f moving response classes over to OCP 2013-08-21 01:00:26 +02:00