window.Buffer is a Node.js API that is not natively available in browsers.
It was apparently polyfilled in the webpack bundle by a dependency, but
the polyfill is absent in environments like headless Electron (Cypress).
This went undetected because browserslist-useragent-regexp < 4.1.4 had a
bug where an empty browser set produced /(?:)/ (matches everything). Electron
matched as "supported" and the redirect code was never reached.
browserslist-useragent-regexp 4.1.4 fixed that bug (PR #1583: faithfully
match an empty set of browsers), generating /[]/ instead. Electron 118 no
longer matches as supported, the redirect path is now exercised, and
window.Buffer.from() throws:
TypeError: Cannot read properties of undefined (reading 'from')
The fix replaces window.Buffer.from(str).toString('base64') with the
native browser btoa(str), which has been universally available since
before our minimum browser support baseline and requires no polyfill.
Fixes: #57920
Signed-off-by: Anna Larch <anna@nextcloud.com>
If a session timed out or was closed in another tab,
then currently the user gets random error messages.
This intercepts 401 responses (should only happen if logged out, or the
users does something wrong).
If we get a 401, we make sure its because of the session,
by checking if the user can access the files app.
If that is also the case we forward the user to the login page
and set the redirect URL to the last used URL.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Nevertheless this causes a huge amount of new warnings.
Previously the shell script for directories to lint was wrong it was generating all app names to lint,
but was missing the `apps/` prefix. Causing only `core` to be linted.
Co-authored-by: Grigorii K. Shartsev <me@shgk.me>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Our utility to add `X-Requested-With` headers on API calls intercepts
calls to `window.fetch`, so we must ensure we allow all parameters that the default
browser provided `window.fetch` allows.
In this case make sure to allow all stringify-able objects.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
