Morris Jobke
c8f2198aa0
Remove recommendation for opcache on CLI
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-05-09 12:25:53 +02:00
Morris Jobke
060b637b70
Show a setup warning in case S3 object storage is used as primary storage
...
* checks for at least 50 GB of free space
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-03-08 13:38:39 +01:00
Morris Jobke
6c7ccbecbf
Add setup check for missing UTF8MB4 on mysql
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-02-28 16:46:23 +01:00
Morris Jobke
faef05730a
Add unit tests and provide better message
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-02-20 10:54:39 +01:00
Daniel Kesselberg
248e824f48
Remove check for outdated caches
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-01-02 10:46:14 +01:00
Morris Jobke
17b2827bbf
Add setup check for pending bigint conversion
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-12-05 13:42:31 +01:00
Morris Jobke
f5ad80fc57
Add setup check for recommended PHP modules (i.e. Imagick, intl)
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-12-05 00:03:05 +01:00
Morris Jobke
f5894b653d
Add check for missing .woff2 rule in Nginx via setup check
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-11-29 17:01:43 +01:00
Morris Jobke
df6e9109c8
Merge pull request #11396 from nextcloud/wellknown-webfinger
...
adding .well-known/webfinger
2018-10-24 14:51:15 +02:00
Daniel Peukert
7a5d6ac15c
Fix failing tests and add some more
...
Signed-off-by: Daniel Peukert <dan.peukert@gmail.com>
2018-10-17 18:51:01 +02:00
Moritz Beck
b68661ed6e
Allow "same-origin" as "Referrer-Policy"
...
Fixes #11531
Although "same-origin" is more strict than e.g. strict-origin it showed up a warning in setupcheck
Based on https://scotthelme.co.uk/a-new-security-header-referrer-policy/
Signed-off-by: Moritz Beck <git@birkenstab.de>
2018-10-11 13:17:26 +02:00
Daniel Calviño Sánchez
d143b43a04
Make possible to set the expected status of the well known URL check
...
The check is based on the HTTP status returned by the URL, and different
URLs may return different status (for example, DAV returns 207, while
a service like WebFinger would return 200), so the expected status needs
to be set depending on the URL.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-10-10 13:48:56 +02:00
Morris Jobke
b8d54bd53a
Fix a misleading setup check for .well-known/caldav & carddav
...
The problem is that the version without the slash is the correct one.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-10 10:41:02 +02:00
Timo Förster
006e150c87
Change check if secure randomness is possible.
...
Signed-off-by: Timo Förster <tfoerster@webfoersterei.de>
2018-08-24 23:12:02 +02:00
Michael Weimann
2bab916c53
Adds license to files. Updates the branch.
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-08-20 20:46:23 +02:00
Michael Weimann
7aed47f776
Adds tests for the memory checks
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-08-20 15:24:10 +02:00
Michael Weimann
1d2bc9c45e
Adds tests for the setup memory limit checks
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-08-20 15:24:10 +02:00
Michael Weimann
ebcfe33d0d
Extends the setup check js tests
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-08-09 19:48:39 +02:00
Morris Jobke
83b1de4493
Fix unit tests - follow up to #10197
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-07-11 22:02:45 +02:00
Cthulhux
f6f49c77f7
opcache module check
...
Improved the speed of isOpcacheProperlySetup() (instant return instead of continuing when we're already failed), added a check for the opcache extension itself. Potentially fixes #9410
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-07-11 16:08:40 +02:00
Morris Jobke
9c4aecb539
Merge all setup checks into one controller
...
* renamed hasMissingIndexes to missingIndexes
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-13 15:25:08 +02:00
Morris Jobke
cd87a40eb3
Merge pull request #9836 from nextcloud/feature/noid/merge-tips-and-tricks-into-setup-checks
...
Merge tips & tricks section into setup checks
2018-06-13 13:18:40 +02:00
Morris Jobke
4a0b7aaf6c
Merge tips & tricks section into setup checks
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-13 12:05:38 +02:00
Morris Jobke
624d191ef6
Fix wrong hint about missing indexes
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-13 11:56:43 +02:00
Roeland Jago Douma
4b70c9f89d
Add referrer policy setup check
...
Fixes #9122
Based on https://www.w3.org/TR/referrer-policy/ and
https://scotthelme.co.uk/a-new-security-header-referrer-policy/
Setting a sane Referrer-Policy will tell the browser if/when to send
referrer headers when accessing a link from Nextcloud. When configured
properly this results in less tracking and less leaking of (possibly)
sensitive urls
* Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-04 09:21:35 +02:00
Allan Nordhøy
e81f30b124
Spelling: FreeType
2018-01-14 16:01:23 +01:00
Roeland Jago Douma
ee20741526
Add tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-13 17:22:58 +01:00
Morris Jobke
4af12dcab1
Fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 08:50:44 +01:00
Markus Staab
db34b59238
Prevent XSS in links which open a new browser window
2017-10-19 12:16:04 +02:00
Morris Jobke
582fb5d129
Update the URLs in tests to use example.org
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-01 11:16:04 +02:00
rakekniven
f2d999aa70
Update setupchecks.js
...
Fixed typo and removed doclink symbol.
Reported at transifex
Update util.php
Another l10n improvement from transifex.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-31 13:41:45 +02:00
Morris Jobke
1fedf450ac
Update Opcache recommendation
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-21 18:21:28 -05:00
Joas Schilling
1c0bffe87f
Fix translations
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Lukas Reschke
6c8d48b0f6
Harden t() with DOMPurify
...
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 14:17:42 +01:00
Roeland Jago Douma
bb2ec51bbb
Fix unit tests of master
...
Follow up to #3802
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-16 12:46:02 +01:00
Morris Jobke
cee8853658
Show info in admin settings about PHP opcache if disabled
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 23:45:48 -06:00
Morris Jobke
a2867c0664
Properly check the data dir
...
* fixes #1364
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-12-05 23:35:35 +01:00
Joas Schilling
0f06034239
Replace more vendor naming
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-11 08:54:21 +01:00
Arthur Schiwon
9b01574465
adjust js tests
2016-08-25 13:47:14 +02:00
Derek
b236100619
Alters 'No Internet Connection' error message. #181
2016-07-20 19:12:10 -05:00
Vincent Petry
fb087a0261
Use temporary htaccesstest.txt for data dir security check
2016-06-07 18:36:13 +02:00
Morris Jobke
e03d289b70
Use 6 months as SSL STS header threshold
...
* this uses 6 months (6 * 30 * 24 * 60 * 60 = 15552000)
* old value was half a year (365 / 2 * 24 * 60 * 60 = 15768000)
* fixes #23957
2016-04-13 08:47:34 +02:00
Lukas Reschke
6ad957906e
Consistently use rel=noreferrer
...
When linking to external entities we should consistently use rel=noreferrer
2016-03-20 15:27:20 +01:00
Lukas Reschke
2ca3c0d461
Adjust wording a bit
...
**Before:**
> Your PHP version (5.4.16) is no longer supported by PHP. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by PHP.
**After:**
> You are currently running PHP 5.4.0. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by the PHP Group as soon as your distribution supports it.
Fixes https://github.com/owncloud/enterprise/issues/1170
2016-03-11 17:39:35 +01:00
Thomas Müller
8abdcb8085
Fix error ins source language strings
...
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/core/50786279
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/settings-1/50555028
2016-02-19 15:04:16 +01:00
Vincent Chan
faf48e42b7
Move data protection check to javascript
...
fixes #20199
2016-02-01 18:57:58 +01:00
Thomas Müller
b1ee51f255
Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
...
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
2016-01-13 10:33:58 +01:00
Thomas Müller
2493cfede9
Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-check
...
Add config switch to disable the .well-known URL check
2016-01-12 14:46:09 +01:00
Lukas Reschke
4d0dcd3c53
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
...
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
2016-01-12 10:37:16 +01:00
Morris Jobke
8b6b042ffd
Add config switch to disable the .well-known URL check
2016-01-12 09:53:23 +01:00