Commit Graph

143 Commits (master)

Author SHA1 Message Date
Victor Dubiniuk 4ced903427 Do not rewrite updater requests 8 years ago
Lukas Reschke 4d0dcd3c53 Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
8 years ago
Lukas Reschke 28165876fc Remove CSP stuff from .htaccess
😢 Seems like Apache is inconsistent fun between versions. Let's remove it thus for now.
8 years ago
Jörn Friedrich Dreyer 047008e9e3 always check if the csp is empty 8 years ago
Lukas Reschke 1ae30d1d9c Use setifempty to please incompatible httpd versions
Some httpd versions have problems with the old logic, leading to resources served with multiple headers.
8 years ago
Thomas Müller e307406486 Merge pull request #20966 from knox/master
Do not rewrite letsencrypt .well-known URI
8 years ago
Morris Jobke 2f53866668 Allow ico files to be served statically 8 years ago
mbi 63974992f9 Merge branch 'master' into master 9 years ago
Thomas Müller f831d93f3f Merge pull request #20878 from owncloud/proper-htaccess-support-in-code-signing-checker
Also run .htaccess routine when installing on another system than Apache
9 years ago
mbi 1aff941be6 Do not rewrite letsencrypt .well-known URI 9 years ago
mbi 508c46a112 Merge branch 'master' into master 9 years ago
Lukas Reschke 235094ab54 Remove version check out of .htaccess
This can now be achieved using the new code signing.
9 years ago
Lukas Reschke 3bce1b20fe Add DirectorySlash to dynamic .htaccess write
When `DirectorySlash off` is set then Apache will not look up folders anymore. This is required for example when we use the rewrite directives on an existing path such as `/core/search`. By default Apache would load `/core/search/` instead of `/core/search` so the redirect would fail here.

This leads however to the problem that URLs such as `localhost/owncloud` would not load anymore while `localhost/owncloud/` would. This has caused problems such as https://github.com/owncloud/core/pull/21015

With this change we add the `DirectorySlash off` directive only when the `.htaccess` is writable to the dynamic part of it. This would also make `localhost/owncloud` work again as it would trigger the 404 directive which triggers the redirect in base.php.
9 years ago
Lukas Reschke 37efc1d1e1 Allow .ico files
Makes `/core/img/favicon.ico` accessible again via web.
9 years ago
Lukas Reschke 7b9bc721e9 Add CSP header to static resources
Fixes https://github.com/owncloud/core/issues/16164
9 years ago
mbi 27f420e0a7 Allow .well-known URI for letsencrypt
See https://letsencrypt.readthedocs.org/en/latest/using.html#webroot
9 years ago
Morris Jobke 65b4d97a2a fix indentation 9 years ago
Lukas Reschke a936107c5c Append PATH_INFO to ensure that file can be loaded on update 9 years ago
Lukas Reschke f87dca95f1 Disable MultiView + DirectorySlash
Required for routes that might otherwise collide with existing folders on the system
9 years ago
Lukas Reschke 002e719789 Set "SetEnv" within base `.htaccess` file
mod_rewrite as used by the front controller may require a `RewriteBase` in case the installation is done using an alias. Since we cannot enforce a writable `.htaccess` file this will move the `front_controller_active` environment variable into the main .htaccess file. If administrators decide to have this one not writable they can still enable this feature by setting the `front_controller_active` environment variable within the Apache config.
9 years ago
Lukas Reschke 2515cb17be Support pretty URLs
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the non-deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all those users crying for the removal of `index.php` ;-)
9 years ago
Thomas Müller 7451e5bebc Update .well-known redirects to the new dav endpoint
This reverts commit 68321efd29.
9 years ago
Thomas Müller 68321efd29 Revert "Update .well-known redirects to the new dav endpoint"
This reverts commit d831c255ea.
9 years ago
Thomas Müller d831c255ea Update .well-known redirects to the new dav endpoint 9 years ago
RealRancor e30e6710dc Add mod_proxy_fcgi and mod_fastcgi to .htaccess 9 years ago
RealRancor 64cb226bfb Remove legacy non-working rewrites in .htaccess 9 years ago
Joas Schilling 6ca58cd856 Master is now 9.0.0 development 9 years ago
RealRancor c3dfa3ccad Fix .htaccess: php_value should be integer 9 years ago
Morris Jobke df81019a1e properly indent .htaccess 9 years ago
Frank Karlitschek 2eb9936d77 This will be 8.2 in the future 9 years ago
Lukas Reschke 5fdc1716d2 Merge pull request #15042 from wolfgangkarall/master
.htaccess RewriteRules: use permanent redirect for .well-known/(cal|card)dav, add 'L' flag
9 years ago
Lukas Reschke 9d1ce53cb1 Add some generic default headers as well via PHP 9 years ago
Wolfgang Karall 6cc50ecfab use permanent redirect for .well-known/(cal|card)dav, add 'L' flag 9 years ago
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and led to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
9 years ago
Lukas Reschke d201f1c47e Fix version rev 9 years ago
Frank Karlitschek 270d404ee2 This is 8.0.1 now 9 years ago
Lukas Reschke 43641d917b Use "off" and "off" instead of true booleans
Apparently a boolean in php.ini is according to the documentation "on" or "off"…

Fixes itself.
9 years ago
Lukas Reschke 9b46e3b3d5 Add expected values to default config as well 9 years ago
Fernando Rodriguez Sela 66b584ae7e Setting default charset to UTF-8 in .htaccess and .user.ini 9 years ago
Lukas Reschke 20199dd168 Reference module with `.c`
Fixes https://github.com/owncloud/core/issues/13657
9 years ago
Lukas Reschke bb80cf4eca Add check for `HTTP_RAW_POST_DATA` setting for >= 5.6
PHP 5.6 otherwise throws notices for perfectly valid code which results in broken endpoints.

Fixes https://github.com/owncloud/core/issues/13592
9 years ago
Lukas Reschke 7fbb7f4dc4 Add version to .htaccess
Currently if a user does not replace the .htaccess file with the new update this can lead to serious problems in case Apache is used as webserver.

This commit adds the version to the .htaccess file and the update routine fails in case not the newest version is specified in there. This obviously means that every release has to update the version specified in .htaccess as well. But I see no better solution for it.

Conflicts:
	lib/private/updater.php
9 years ago
Morris Jobke e97219cf75 escape . in htaccess regex for CSS and JS HTTP headers 10 years ago
Robert Jäckel 1a6928f447 blocked 3rdparty instead of l10n 10 years ago
Robert Jäckel 8c3bf139ff restrict access to public files only
use mod_rewrite to pretend these files are not existent for security purposes
10 years ago
Thomas Müller 4b5c7d3d9d adding cache control headers for css and js - fixes #11496 10 years ago
Lukas Reschke bd4f3849a3 That file was accidentally committed. Partially revert f2fc214ce0 10 years ago
Lukas Reschke f2fc214ce0 Add deprecation notice to load* functions
These functions are deprecated and/or removed since ownCloud 7. Additionally an issubdirectory check has been added here to prevent developers from using this function in a potentially insecure way.

Port of https://github.com/owncloud/core/pull/9033
10 years ago
Lukas Reschke ac7fb1b23e Remove legacy routing code
The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application.

This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.

Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications
10 years ago
Felix Eckhofer 61ca269292 Remove trailing tab 10 years ago
Felix Eckhofer 460d06c235 Escape literal dots in mod_rewrite regexes 10 years ago
Lukas Reschke 357fdb1a4d Remove .htaccess creation code
1. We're maintaining the same code twice which leads inevitably to problems as this one. The createHtaccess routine is only used to use the correct paths to the 404 and 403 document.
2. Updating the ownCloud instance as described in our documentation (`Delete everything from your ownCloud installation directory, except data and config.`) will break the links to the ErrorDocuments anyways and show the default error handlers if ownCloud is not installed in the root directory.
10 years ago
Thomas Müller 269f24cf96 remove css files from rewrite rule - there is no need to rewrite css any more 10 years ago
Thomas Müller 5eef107344 turn off mod_pagespeed 11 years ago
Thomas Tanghus 78559c0863 disable mbstring.func_overload 11 years ago
Daniel Molkentin a86fe7920b Try to prefer index.php over index.html in the same directory
Add JS redirect if that fails (HTTP-based redirects are disabled by
default in more recent Firefox versions).
11 years ago
Myles McNamara ef2e84026e remove php_value
php_value can only be used with mod_php, using it with FCGI will cause 500 Internal Server errors.  This needs to be set in php.ini manually or set using ini_set().
11 years ago
Brice Maron 6c26214955 Refix #1931 11 years ago
Thomas Müller f3a8bf9260 Merge pull request #1931 from owncloud/fastcgi
add cgi pathinfo when fcgi is enabled #1189
11 years ago
Bernhard Posselt 26d5992161 add cgi pathinfo when fcgi is enabled #1189 11 years ago
Bernhard Posselt 023f19e929 added defaultcharset to utf-8 in htaccess 11 years ago
Michiel de Jong e37dd7aa82 add /.well-known/host-meta.json to .htaccess 12 years ago
Stefan Seidel 8f669880bc Fix WebDAV (and Android Client) not being able to authorize on Debian Squeeze + mod_fcgid installs. 12 years ago
Robin Appelman 6bc156ba69 add svg mimetype to default htaccess 12 years ago
Robin Appelman f1b10fcc93 update translations 12 years ago
Georg Ehrke 9e83c3f823 add caldav and carddav files in their old place for backward compatibility - add rewriterule for caldav and carddav 12 years ago
Michiel de Jong 4c6d11e223 move auth.css and remoteStorage-big.png to assets folders From where they can be included 12 years ago
Georg Ehrke 3f86fd5193 remove redirects in htaccess to improve compatibility with desktop client 12 years ago
Michiel de Jong 02cee2c562 trying to fix /.well-known/host-meta 12 years ago
Georg Ehrke a69c53caef remove empty line in .htaccess 12 years ago
Georg Ehrke 9bdd00c0f2 update htaccess file and remove remote folder 12 years ago
Bart Visscher f69f764e8b Working remote.php with webdav and caldav 12 years ago
Bart Visscher b62a8ba0f8 Better regex for old apps rewrite rule 12 years ago
Bart Visscher ec98ecff05 Catch old app paths, change them to new form 12 years ago
Georg Ehrke da03d05700 create folder 'remote' for the remote services like caldav, carddav and webdav 12 years ago
Bart Visscher ea99e1184d Add well-known redirects to htaccess
Fixes:
http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-232
http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-445
12 years ago
Georg Ehrke ec40f69c9e add error 403 site 12 years ago
Stefan Göckeritz d9db6e73d8 bugfix for oc-236 12 years ago
Robin Appelman 4c8f17ad47 don't try to use mod_rewrite when it isn't enabled
having a broken web/card/caldav is much better than having no ownCloud at all :)
13 years ago
Bartek Przybylski 3c42867109 merged 13 years ago
Sean Leonard 70014c4fd0 Removed if !mod_php5.c around RewriteRule
Made things work on Dreamhost shared hosting
13 years ago
Bartek Przybylski 865be6064a adjusting to new db "api", merge with master 13 years ago
Georg Ehrke a01d10e57d Merge branch 'master' into calendar 13 years ago
Robin Appelman f1fd374a6f webdav workaround for apache+php-cgi 13 years ago
Bartek Przybylski c3d7ffc877 adding tmp icon for app, extending memory size for php in .htaccess 13 years ago
Bartek Przybylski 339d417420 removing add new album button, removing logs, and unused code 13 years ago
Tom Needham 1f74e76d83 Implemented ace-editor as an app. Basic file editing and saving supported. 13 years ago
Robin Appelman d851bdac90 fix .htaccess file crashing apache+php-cgi 13 years ago
Robin Appelman 3747ba928f Set max upload size to something sane
we can't use a very high value since some apache configurations don't seem to handle it properly
13 years ago
Robin Appelman 0bcb4a6a8f set default max upload size in the .htaccess file to something ridiculous
and don't show the max filesize message when the limit is over 10GB
13 years ago
Kamil Domanski 2073d3b08e fix 404 13 years ago
Kamil Domanski 5aa8f16bbf forbid indexes 13 years ago
Robin Appelman 1eb0faa264 make fileactions extendable by plugins 13 years ago