Commit Graph

27 Commits

Author SHA1 Message Date
Ralf Becker
592b7fb97d replace LAB.js with native es5 loading 2021-06-05 20:39:39 +02:00
Ralf Becker
fed41622c2 fixing all sorts of PHP 8 errors and PHPStorm errors 2021-03-31 17:50:01 +02:00
Ralf Becker
ab9c089f70 fix PHP 8 Fatal error Array and string offset access syntax with curly braces is no longer supported 2021-03-21 21:13:07 +01:00
Hadi Nategh
72769e7a43 * HTML Editor: fix bug in editing uploaded image 2020-10-19 11:14:52 +02:00
Ralf Becker
7428e2d7cd do not add path of url to CSP 2020-07-07 13:18:28 +02:00
Ralf Becker
9a548dca68 fix csp-*-source hook not run, if Api\Header\ContenSecurity::add() was called 2020-04-30 17:31:46 +02:00
Ralf Becker
57ab6f667c adding CSP frame-ancestors 'self' policy to mitigate clickjacking 2020-01-28 18:19:40 +01:00
Ralf Becker
2ea9549dcf stricter CSP policy for mail body 2020-01-28 17:45:36 +01:00
Ralf Becker
d8289ef29d stricter CSP policy 2020-01-28 17:14:51 +01:00
Ralf Becker
056e5c053a use hostname from setup, only if webserver-url starts with a slash, closer to previous behavior 2019-11-13 18:28:33 +01:00
Ralf Becker
302800b414 new class Api\Header\Http to handle X-Forwarded-Host and -Schema headers
also kope now with multiple comma-separated host-names in X-Forwarded-Host header happening with multiple proxys
2019-11-12 20:13:24 +01:00
Ralf Becker
bf844b7598 support for new Swoole push server 2019-11-04 09:29:49 +01:00
Ralf Becker
6435eb1293 * Api: fix error adding/editing catgories or custom fields 2019-07-29 11:21:54 +02:00
Ralf Becker
914de29859 improve user-agent formatting and use is also for accesslog 2019-06-05 18:18:23 +02:00
Ralf Becker
44a0079b9d new user security popup incl. 2FA and token revokation 2019-06-05 13:10:25 +02:00
Hadi Nategh
c5c09c4f9f Deprecate CKEDITOR and remove it from source 2019-01-25 12:41:13 +01:00
Ralf Becker
77b42dd9a4 always send X-Content-Type-Options: nosniff
It does not harm and stops unpredictable results from browsers changing our content-types
(FF 50+ now also supports nosniff)
2017-10-25 17:35:30 +02:00
Hadi Nategh
c7089cadd9 Revert unintentional changes to mrconfig and ContentSecurityPolicy from commitacdf079fb180490d8659fad0f4c20dd74ea78503 2017-01-05 15:04:53 +01:00
Hadi Nategh
acdf079fb1 * Etemplate: Fix error "Etemplate\Api\Auth not found" happening while to login 2017-01-05 14:59:20 +01:00
Ralf Becker
dc84982a55 * CalDAV/CardDAV: send unchange REALM for "bad login or password" to allow storing credentials 2017-01-04 10:18:34 +11:00
Ralf Becker
e87cbc4832 use static Hooks methods 2016-05-11 18:58:10 +00:00
Ralf Becker
4af0e7cb1c WIP EGroupware without phpgwapi&etemplate 2016-05-04 19:07:54 +00:00
Ralf Becker
67cb60b972 moving egw_digest_auth, vfs_webdav_server and egw_sharing to new api 2016-03-20 16:19:53 +00:00
Ralf Becker
0cd226b91d make static functions static as they should be 2016-03-19 10:44:00 +00:00
Hadi Nategh
b7a1280c17 Fix can not open any attachment caused by wrong path 2016-03-15 10:05:34 +00:00
Ralf Becker
99714aa9e9 move egw_framework::csp_*_source_attrs($attrs) to Api\Header\ContentSecurityPolicy::add(*-src, $attrs) and egw_ckeditor_config to Api\Html\CkEditorConfig 2016-03-13 14:08:31 +00:00
Ralf Becker
85695f0d41 split html class to Api\Html, Api\Header\Content, Api\Header\UserAgent and translation 2016-03-13 11:22:44 +00:00