mirror of https://github.com/nextcloud/server.git synced 2025-10-26 19:21:34 +00:00

Nextcloud Server

Go to file

Lukas Reschke 809ff5ac95 Add public API to give developers the possibility to adjust the global CSP defaults Allows to inject something into the default content policy. This is for example useful when you're injecting Javascript code into a view belonging to another controller and cannot modify its Content-Security-Policy itself. Note that the adjustment is only applied to applications that use AppFramework controllers. To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`, $policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`. To test this add something like the following into an `app.php` of any enabled app: ``` $manager = \OC::$server->getContentSecurityPolicyManager(); $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false); $policy->addAllowedFrameDomain('asdf'); $policy->addAllowedScriptDomain('yolo.com'); $policy->allowInlineScript(false); $manager->addDefaultPolicy($policy); $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false); $policy->addAllowedFontDomain('yolo.com'); $manager->addDefaultPolicy($policy); $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false); $policy->addAllowedFrameDomain('banana.com'); $manager->addDefaultPolicy($policy); ``` If you now open the files app the policy should be: ``` Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self' ```		2016-01-28 18:36:46 +01:00
.idea
3rdparty@177daad35d	[3rdparty] Bump symfony/process to 2.8.1	2016-01-19 09:36:17 +01:00
apps	Fix OCS unit tests after two share merges	2016-01-28 13:17:16 +01:00
build	Add intergration test for shared_with me and group shares	2016-01-21 15:56:44 +01:00
config	Allow custom implementation of system tag managers	2016-01-20 16:36:10 +01:00
core	Fix share default expiration date calculation	2016-01-28 15:25:34 +01:00
l10n
lib	Add public API to give developers the possibility to adjust the global CSP defaults	2016-01-28 18:36:46 +01:00
ocs	Move findLanguage() and setLanguageFromRequest() to factory	2016-01-26 14:02:31 +01:00
ocs-provider
resources	Sync certificates with upstream	2016-01-22 22:10:17 +01:00
settings	Merge pull request #21741 from owncloud/l10n-improvements	2016-01-27 09:37:00 +01:00
tests	Add public API to give developers the possibility to adjust the global CSP defaults	2016-01-28 18:36:46 +01:00
themes
.bowerrc
.gitignore	Added system tags GUI in sidebar	2016-01-19 16:24:26 +01:00
.gitmodules
.htaccess	Add X-Download-Options and X-Permitted-Cross-Domain-Policies	2016-01-12 10:37:16 +01:00
.jshintrc
.mailmap	Correct mailmap for Robin McCorkell to robin@mccorkell.me.uk	2015-12-24 11:51:37 +00:00
.mention-bot	Merge pull request #21970 from zander/mentionbot	2016-01-28 11:20:25 +01:00
.scrutinizer.yml
.tag
.travis.yml	Adding integration tests for CalDAV	2015-12-21 16:04:27 +01:00
.user.ini
AUTHORS	Happy new year!	2016-01-12 15:02:18 +01:00
autotest-external.sh
autotest-hhvm.sh
autotest-js.sh
autotest.cmd
autotest.sh
bower.json	Add davidchambers/base64 JS library	2015-12-14 17:48:30 +01:00
buildjsdocs.sh
console.php	Happy new year!	2016-01-12 15:02:18 +01:00
CONTRIBUTING.md	Replace list of apps with a link	2015-12-16 13:58:18 +01:00
COPYING-AGPL
COPYING-README
cron.php	Happy new year!	2016-01-12 15:02:18 +01:00
db_structure.xml	Merge pull request #18531 from owncloud/ext-user-credentials	2016-01-22 13:14:14 +01:00
index.html
index.php	Happy new year!	2016-01-12 15:02:18 +01:00
issue_template.md	Add question about code signing status	2016-01-15 18:25:38 +01:00
occ
public.php	Happy new year!	2016-01-12 15:02:18 +01:00
README.md	Update README.md	2015-12-20 10:33:14 +01:00
remote.php	Move findLanguage() and setLanguageFromRequest() to factory	2016-01-26 14:02:31 +01:00
robots.txt
status.php	Happy new year!	2016-01-12 15:02:18 +01:00
version.php	Increase version due to new tables	2016-01-22 11:04:04 +01:00

README.md

ownCloud Core

ownCloud gives you freedom and control over your own data. A personal cloud which runs on your own server.

Why is this so awesome?

📁 Access your Data You can store your files, contacts, calendars and more on a server of your choosing.
📦 Sync your Data You keep your files, contacts, calendars and more synchronized amongst your devices.
🔄 Share your Data You share your data with others, and give them access to your latest photo galleries, your calendar or anything else you want them to see.
🚀 Expandable with dozens of Apps ...like Calendar, Contacts, Mail or News.
☁️ All Benefits of the Cloud ...on your own Server.
🔒 Encryption You can encrypt data in transit with secure https connections. You can enable the encryption app to encrypt data on storage for improved security and privacy.
...

Installation instructions

https://doc.owncloud.org/server/9.0/developer_manual/app/index.html

Contribution Guidelines

https://owncloud.org/contribute/

Support

Learn about the diffrent ways you can get support for ownCloud: https://owncloud.org/support/

Get in touch

📋 Forum
✉️ Mailing list
#️⃣ IRC channel
👥 [Facebook] (https://facebook.com/ownclouders)
🐣 Twitter

Important notice on translations

Please submit translations via Transifex: https://www.transifex.com/projects/p/owncloud/

For more detailed information about translations: http://doc.owncloud.org/server/9.0/developer_manual/core/translation.html