nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-03-22 10:30:49 -04:00

Author	SHA1	Message	Date
Daniel Calviño Sánchez	41f2d912d2	Allow "wasm-unsafe-eval" in CSP If a page has a Content Security Policy header and the `script-src` (or `default-src`) directive does not contain neither `wasm-unsafe-eval` nor `unsafe-eval` loading and executing WebAssembly is blocked in the page (although it is still possible to load and execute WebAssembly in a worker thread). Although the Nextcloud classes to manage the CSP already supported allowing `unsafe-eval` this affects not only WebAssembly, but also the `eval` operation in JavaScript. To make possible to allow WebAssembly execution without allowing JavaScript `eval` this commit adds support for allowing `wasm-unsafe-eval`. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2023-08-10 02:38:41 +02:00
Joas Schilling	1b387bb341	fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-27 09:57:52 +02:00
Marcel Klehr	7c80d66ee5	Merge pull request #38854 from nextcloud/enh/llm-api	2023-07-21 11:20:31 +02:00
Marcel Klehr	ffe27ce14c	Massive refactoring: Turn LanguageModel OCP API into TextProcessing API Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-07-14 16:00:31 +02:00
jld3103	2d6a62ccee	Add IgnoreOpenAPI attribute Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-07-10 14:25:22 +02:00
Marcel Klehr	069962d04f	Since 27.1.0 Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-07-07 13:46:34 +02:00
Marcel Klehr	fb55afc9ff	Update lib/public/AppFramework/Bootstrap/IRegistrationContext.php Co-authored-by: Daniel <mail@danielkesselberg.de> Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-07-07 13:39:10 +02:00
Marcel Klehr	795b097122	LLM OCP API: Implement ocs API Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-07-07 13:39:10 +02:00
Christoph Wurst	14719110b9	chore: Replace \OC::$server->query with \OCP\Server::get in /lib Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-07-06 15:21:22 +02:00
Louis Chemineau	407c361b91	Add OCSPreconditionFailedException Signed-off-by: Louis Chemineau <louis@chmn.me>	2023-07-05 20:01:45 +02:00
jld3103	b0001c6010	Add template types to responses Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-06-30 09:33:29 +02:00
Christoph Wurst	08a3f37695	chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-06-12 10:03:59 +02:00
Git'Fellow	5b5895a130	Drop meta robots tag Revert mistake Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-06-09 18:06:37 +02:00
Faraz Samapoor	bf38c0a3d1	Refactors "strpos" calls in lib/public to improve code readability. Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>	2023-06-05 11:14:52 +02:00
Joas Schilling	5b2d5767e1	fix(docs): Fix language and copy-paste class name in docs of CSP Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-30 13:39:33 +02:00
Julius Härtl	050c6d53b3	enh: Provide atomicRetry method to retry transactions if possible Signed-off-by: Julius Härtl <jus@bitgrid.net>	2023-05-16 08:13:20 +02:00
Simon L	d55a7c619d	Fix typos in lib/public subdirectory Found via `codespell -q 3 -S l10n -L jus ./lib/public` Signed-off-by: luz paz <luzpaz@github.com> Update lib/public/Accounts/IAccount.php Signed-off-by: luz paz <luzpaz@github.com> Signed-off-by: Simon L <szaimen@e.mail.de> Co-Authored-By: Côme Chilliet <91878298+come-nc@users.noreply.github.com>	2023-05-10 11:56:34 +02:00
Daniel Kesselberg	eecdb62e92	fix: add workaround for oci and limit queries DBAL uses a helper column "doctrine_rownum" for top-n queries Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2023-05-02 14:26:28 +02:00
Joas Schilling	ecb8b55c5c	feat(security): Add PHP \Attribute for remaining security annotations Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-25 14:50:32 +02:00
Joas Schilling	89c3c31402	feat(ratelimit): Add Attributes support to rate limit middleware Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-24 12:24:48 +02:00
Joas Schilling	fd473f89e8	Merge pull request #37674 from nextcloud/feature/speech-to-text feat(SpeechToText): Add SpeechToText OCP provider API	2023-04-19 16:29:44 +02:00
Christoph Wurst	2c0cfd3772	feat(app-framework): Add native argument types for middleware Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-04-18 17:15:05 +02:00
Ferdinand Thiessen	bdbff2181e	fix: Allow to catch `IMapperException` by implementing `Throwable` Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2023-04-17 16:05:10 +00:00
Marcel Klehr	317521b607	feat(SpeechToText): Add SpeechToText provider API Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-04-11 14:59:57 +02:00
jld3103	b153340b62	Add type hints for mappers Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-04-07 09:49:42 +02:00
Joas Schilling	e839eb9b5c	feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-03-08 12:09:22 +01:00
Joas Schilling	c297f8ee96	feat(appframework): ⌚ Make ITimeFactory extend \PSR\Clock\ClockInterface Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-03-03 15:37:13 +01:00
Julius Härtl	3e63298381	feat(translations): Add translation provider API Signed-off-by: Julius Härtl <jus@bitgrid.net>	2023-02-27 16:52:03 +01:00
MichaIng	5f90b8eb11	Change X-Robots-Tag header from "none" to "noindex, nofollow" While "none" is indeed equivalent to "noindex, nofollow" for Google, but seems to be not supported by Bing and probably other search engines. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#other_metadata_names https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag?hl=de#comma-separated-list https://www.bing.com/webmasters/help/which-robots-metatags-does-bing-support-5198d240 Signed-off-by: MichaIng <micha@dietpi.com>	2023-02-15 20:16:51 +01:00
Joas Schilling	6f3ce5c319	Also copy bruteforce meta data when converting DataResponse to JSONResponse Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-14 16:00:10 +01:00
Ferdinand Thiessen	ba8a50c059	fix: Throw `NotFoundExceptionInterface` to fulfill PSR container interface if class not found Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2023-02-06 14:16:35 +01:00
Louis Chemineau	4ab3c16403	Pluggable share provider Signed-off-by: Carl Schwan <carl@carlschwan.eu> Signed-off-by: Louis Chemineau <louis@chmn.me>	2023-02-02 15:41:26 +01:00
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-27 09:40:35 +01:00
Christoph Wurst	ad00a149ea	Merge pull request #36310 from nextcloud/feat/app-framework/global-middlewares feat(app-framework): Add support for global middlewares	2023-01-26 15:17:38 +01:00
Christoph Wurst	8d9af3e262	feat(app-framework): Add support for global middlewares This allows apps to register middlewares that always register, not just for the app's own requests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-26 11:54:28 +01:00
Christoph Wurst	6d7339b0ff	fix(app-framework): Specify return type of Middleware::beforeController Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-25 09:30:58 +01:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +01:00
Côme Chilliet	e91457d9cd	Improve typing in Entity.php Removing @method in Entity brings even more errors. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:22:09 +01:00
Roeland Jago Douma	60ee874485	Remove long depreated AppFramework/Db/Mapper Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2022-10-10 08:18:32 +02:00
Joas Schilling	82b98b4b9b	Fix typo in deprecated Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-10-04 11:42:24 +02:00
Jonas Rittershofer	c8b7a233a5	Allow CSRF on CORS routes Co-authored-by: Julius Härtl <jus@bitgrid.net> Co-authored-by: Andreas Brinner <andreas@everlanes.net> Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>	2022-09-21 10:42:00 +00:00
Joas Schilling	df57b51c8b	Fix psalm parameter type Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-09-15 11:28:40 +02:00
Daniel	c55ae98a3f	Add description for public and immutable Co-authored-by: Carl Schwan <carl@carlschwan.eu> Signed-off-by: Daniel <mail@danielkesselberg.de>	2022-09-03 15:58:18 +02:00
Daniel Kesselberg	855ef21883	Update docblock for cacheFor Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2022-09-03 15:28:23 +02:00
Julius Härtl	68d0038eb0	Move registration to IBootstrap Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-31 16:20:06 +02:00
Arthur Schiwon	2a6f46e689	allow apps to specify methods carrying sensitive parameters … in order to remove them from logging. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2022-07-28 23:30:17 +02:00
Thomas Citharel	1d30fb7852	Fix reading blob data as resource PostgreSQL returns data as resource when using IQueryBuilder::PARAM_LOB (which is used for QBMapper). Previously we just converted this resource using settype, which produced things like "Resource id #14" instead of the actual resource data. Now we read the stream correctly if the returned data is a resource See context at #22472 Fixes #22439 Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-07-25 09:45:47 +02:00
blizzz	df89e7fd39	Merge pull request #32485 from nextcloud/debt/noid/psalm-streamer-fh [Psalm] Fix docblock for addFileFromStream	2022-05-31 14:22:05 +02:00
Julius Härtl	3901a93c72	Use JSON_THROW_ON_ERROR instead of custom error handling Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-05-30 19:17:49 +02:00
Daniel Kesselberg	be99ea969e	Fix type for resource Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2022-05-24 22:05:59 +02:00

1 2 3 4 5 ...

301 commits