wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
server/lib/private
History
Lukas Reschke fdcb8edd78
Add nonce also to legacy CSP 
Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.

To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.

To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-26 09:41:18 +02:00
..
Activity Fix others 2016-07-21 18:13:57 +02:00
App App dependencies are now analysed on app enable as well - not only on app install. 2016-10-24 15:59:46 +02:00
AppFramework Move browserSupportsCspV3 to CSPNonceManager 2016-10-25 22:03:10 +02:00
Archive Update with robin 2016-07-21 18:13:58 +02:00
Authentication add 2fa backup codes app 2016-09-05 08:51:13 +02:00
BackgroundJob Update with robin 2016-07-21 18:13:58 +02:00
Cache Update with robin 2016-07-21 18:13:58 +02:00
Command Update with robin 2016-07-21 18:13:58 +02:00
Comments emit pre-update event for comments 2016-10-12 18:06:22 +02:00
Console add upgrade command before repair, handle NeedsUpgradeExcaption better 2016-10-24 17:52:49 +02:00
DB Allow 4byte unicode filenames on supported platforms 2016-10-20 14:26:09 +02:00
Diagnostics add stacktrace to query logger 2016-08-24 14:37:15 +02:00
Encryption Fix shared storage namespace in DecryptAll class 2016-10-20 20:36:50 +02:00
Files Merge pull request #1890 from nextcloud/downstream-25428 2016-10-25 14:44:27 +02:00
Group Update with robin 2016-07-21 18:13:58 +02:00
Hooks Update with robin 2016-07-21 18:13:58 +02:00
Http/Client Update with robin 2016-07-21 18:13:58 +02:00
IntegrityCheck Make sure memory limit is > post size and upload filesize 2016-09-13 16:50:36 +02:00
L10N Simplify isSubDirectory check 2016-10-07 21:56:43 +02:00
legacy Add nonce also to legacy CSP 2016-10-26 09:41:18 +02:00
Lock Update with robin 2016-07-21 18:13:58 +02:00
Log log version number in each log line 2016-10-06 12:42:46 +02:00
Mail Fix others 2016-07-21 18:13:57 +02:00
Memcache Activate APCu on PHP 7 2016-09-01 12:30:05 +02:00
Migration Fix others 2016-07-21 18:13:57 +02:00
Notification Add an icon to the notification API 2016-10-07 17:00:24 +02:00
OCS Remove unused private classes 2016-08-18 09:37:11 +02:00
Preview Update with robin 2016-07-21 18:13:58 +02:00
Repair Ignore failures of collation change in the pre update step 2016-10-19 00:15:01 +02:00
Route Allow OCS routes in Core and Settings 2016-08-09 20:56:31 +02:00
Search Fix others 2016-07-21 18:13:57 +02:00
Security Missing returns + autoloader file 2016-10-25 22:13:09 +02:00
Session Update with robin 2016-07-21 18:13:58 +02:00
Settings Adding a optional disclaimer to the anonymous upload page 2016-09-08 18:44:27 +02:00
Setup Fixing ctor call 2016-10-19 00:15:01 +02:00
Share Fix post_unshareFromSelf hook parameter format 2016-10-20 16:09:08 +02:00
Share20 reuse share node when creating a share 2016-10-12 16:12:36 +02:00
SystemTag Fix others 2016-07-21 18:13:57 +02:00
Tagging Fix others 2016-07-21 18:13:57 +02:00
Template Missing returns + autoloader file 2016-10-25 22:13:09 +02:00
Updater Use the same URL everywhere 2016-09-27 14:52:22 +02:00
User Fix logClientIn for non-existing users (#26292) 2016-10-25 09:34:27 +02:00
AllConfig.php Use cache to determine if value need to be updated 2016-10-13 19:40:40 +02:00
AppConfig.php Update with robin 2016-07-21 18:13:58 +02:00
AppHelper.php Fix others 2016-07-21 18:13:57 +02:00
Avatar.php Add message to NotSquareException thrown from Avatar 2016-10-24 11:27:27 +02:00
AvatarManager.php avatar to appdata 2016-10-05 11:00:16 +02:00
CapabilitiesManager.php Make the capabilities manager more error proof 2016-08-15 20:37:19 +02:00
Config.php Update with robin 2016-07-21 18:13:58 +02:00
ContactsManager.php Fix others 2016-07-21 18:13:57 +02:00
DatabaseException.php Fix others 2016-07-21 18:13:57 +02:00
DatabaseSetupException.php Fix others 2016-07-21 18:13:57 +02:00
DateTimeFormatter.php Fix others 2016-07-21 18:13:57 +02:00
DateTimeZone.php Fix others 2016-07-21 18:13:57 +02:00
ForbiddenException.php Fix others 2016-07-21 18:13:57 +02:00
HintException.php Fix others 2016-07-21 18:13:57 +02:00
HTTPHelper.php Fix others 2016-07-21 18:13:57 +02:00
Installer.php Add app name to the call 2016-10-10 16:34:14 +02:00
LargeFileHelper.php Merge pull request #1890 from nextcloud/downstream-25428 2016-10-25 14:44:27 +02:00
Log.php Default to empty string 2016-10-07 16:23:05 +02:00
NaturalSort.php Fix others 2016-07-21 18:13:57 +02:00
NaturalSort_DefaultCollator.php Fix others 2016-07-21 18:13:57 +02:00
NavigationManager.php Fix others 2016-07-21 18:13:57 +02:00
NeedsUpdateException.php Update with robin 2016-07-21 18:13:58 +02:00
NotSquareException.php Fix others 2016-07-21 18:13:57 +02:00
OCSClient.php Deprecate getEditionString() 2016-09-06 16:05:28 +02:00
Preview.php Merge pull request #1338 from nextcloud/fix-trashbin-errors 2016-09-13 19:23:51 +02:00
PreviewManager.php Update with robin 2016-07-21 18:13:58 +02:00
PreviewNotAvailableException.php Opening the trashbin causes errors in log for files without preview 2016-09-09 13:53:06 +02:00
RedisFactory.php Update with robin 2016-07-21 18:13:58 +02:00
Repair.php Ignore failures of collation change in the pre update step 2016-10-19 00:15:01 +02:00
RepairException.php Fix others 2016-07-21 18:13:57 +02:00
Search.php Update with robin 2016-07-21 18:13:58 +02:00
Server.php Move browserSupportsCspV3 to CSPNonceManager 2016-10-25 22:03:10 +02:00
ServerContainer.php Save the container with the app's namespace so we can resolve it 2016-08-22 14:25:43 +02:00
ServerNotAvailableException.php Fix others 2016-07-21 18:13:57 +02:00
ServiceUnavailableException.php Update with robin 2016-07-21 18:13:58 +02:00
Setup.php Update docs 2016-09-13 10:51:48 +02:00
Streamer.php Fix others 2016-07-21 18:13:57 +02:00
SubAdmin.php Fix others 2016-07-21 18:13:57 +02:00
SystemConfig.php Fix others 2016-07-21 18:13:57 +02:00
TagManager.php Fix others 2016-07-21 18:13:57 +02:00
Tags.php Update with robin 2016-07-21 18:13:58 +02:00
TemplateLayout.php Inlince oc.js if possible! 2016-10-25 22:03:18 +02:00
TempManager.php Update with robin 2016-07-21 18:13:58 +02:00
Updater.php Kill update simulation 2016-09-27 18:43:53 +02:00
URLGenerator.php Make sure we try to autoload the class 2016-07-22 16:49:33 +02:00