server/core/js
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes, for example, the newest IE UXSS, which is not yet patched by Microsoft, exploitable on ownCloud).
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and led to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
..
tests Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
apps.js Replaced spaces with tabs in apps.js 2014-08-12 12:00:34 +02:00
avatar.js Load avatar in header via PHP 2014-10-23 23:17:18 +02:00
backgroundjobs.js JavaScript file for activating web cron 2012-08-09 00:58:54 +02:00
compatibility.js Scrutinizer cleanup 2014-06-02 21:09:41 +02:00
config.js Improved Javascript docs for JSDoc 2014-10-31 13:43:30 +01:00
config.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
core.json Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
eventsource.js Encode requesttoken 2015-02-16 20:28:30 +01:00
installation.js load showpassord.js conditionally in the template only if needed 2014-12-16 18:45:37 +01:00
jquery-showpassword.js Shows The Eye permanently in the Confirm Password field in Personal Settings - fix #5167 2013-10-12 12:42:23 +02:00
jquery-tipsy.js Fix size calculation with css styling of tipsy popup 2011-10-21 22:08:55 +02:00
jquery.avatar.js use high resolution avatars on highdpi screens 2014-04-04 23:35:32 +02:00
jquery.ocdialog.js Fixed dialogs styling, reversed buttons 2014-07-07 15:56:42 +02:00
js.js Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
l10n.js Autoescape of placeholders in t() and p() - for JS 2015-01-07 12:56:32 +01:00
lostpassword.js Use / as redirect location if webroot is set to an empty value 2014-11-21 15:38:36 +01:00
maintenance-check.js Refresh if maintenance mode is over 2014-09-09 17:26:11 +02:00
multiselect.js Merge pull request #8264 from owncloud/app-enable-by-group 2014-06-03 19:01:12 +02:00
oc-dialogs.js show readonly message in file conflict dialog, make it always selected 2014-12-11 16:32:27 +01:00
oc-requesttoken.js Add OCS API header per default 2014-11-21 19:54:19 +01:00
octemplate.js Scrutinizer cleanup 2014-06-02 21:09:41 +02:00
placeholder.js Renamed current placeholder jquery plugin to imageplaceholder 2013-10-23 16:47:25 +02:00
placeholders.js move to updated version of placeholder 2014-06-03 16:18:06 +02:00
setup.js Merge pull request #12213 from sebomoto/add-loadfeedback 2015-02-18 19:42:18 +01:00
setupchecks.js Let users configure security headers in their Webserver 2015-03-02 19:07:46 +01:00
share.js Use custom attribute instead of the div identifier 2015-02-27 17:38:59 +01:00
singleselect.js Do not close container/slider when clicking on single select field 2014-08-15 12:44:00 +02:00
tags.js Scrutinizer cleanup 2014-06-02 21:09:41 +02:00
update.js 3rd-party apps are disabled on upgrade - refs #14026 2015-02-24 12:02:36 +01:00
visitortimezone.js send browsers timezone back to the server on login 2014-09-22 14:01:45 +02:00