Move security headers #8183

Merged
merged 5 commits into from Apr 16, 2014

LukasReschke
Member

Some headers were currently only added to the templates but not to other components (e.g. SabreDAV / JSON / etc...)
The migration to base.php ensures that the headers are served to all requests passing base.php

@@ -213,6 +213,34 @@ public static function checkInstalled() {
}
}

/*
* This function adds some security related headers to all requests served via base.php
* The implementation of this function as hto happen here to ensure that all third-party
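
Review bot: The comment block above the new function opens with `/*` and its second line reads "as hto happen here". Open the block with `/**` so documentation tools treat it as a docblock, and correct the wording to "has to happen here".
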
Member

hto? 😉

@DeepDiver1975
Member

requires at least a litmus test execution to ensure webdav is not broken

@scrutinizer-notifier

The inspection completed: 41 new issues, 26 updated code elements

@ghost

ghost commented Apr 14, 2014

🚀 Test Passed. 🚀
Refer to this link for build results: https://ci.owncloud.org/job/pull-request-analyser/4252/

@LukasReschke
Member Author

Litmus test passes successfully:

rechenknecht:~ lukas$ litmus http://localhost:8888/core/remote.php/webdav/ admin admin
-> running `basic':
 0. init.................. pass
 1. begin................. pass
 2. options............... pass
 3. put_get............... pass
 4. put_get_utf8_segment.. pass
 5. put_no_parent......... pass
 6. mkcol_over_plain...... pass
 7. delete................ pass
 8. delete_null........... pass
 9. delete_fragment....... pass
10. mkcol................. pass
11. mkcol_again........... pass
12. delete_coll........... pass
13. mkcol_no_parent....... pass
14. mkcol_with_body....... pass
15. finish................ pass
<- summary for `basic': of 16 tests run: 16 passed, 0 failed. 100.0%
-> running `copymove':
 0. init.................. pass
 1. begin................. pass
 2. copy_init............. pass
 3. copy_simple........... pass
 4. copy_overwrite........ pass
 5. copy_nodestcoll....... pass
 6. copy_cleanup.......... pass
 7. copy_coll............. pass
 8. copy_shallow.......... pass
 9. move.................. pass
10. move_coll............. pass
11. move_cleanup.......... pass
12. finish................ pass
<- summary for `copymove': of 13 tests run: 13 passed, 0 failed. 100.0%
-> running `props':
 0. init.................. pass
 1. begin................. pass
 2. propfind_invalid...... pass
 3. propfind_invalid2..... pass
 4. propfind_d0........... pass
 5. propinit.............. pass
 6. propset............... pass
 7. propget............... pass
 8. propextended.......... pass
 9. propmove.............. pass
10. propget............... pass
11. propdeletes........... pass
12. propget............... pass
13. propreplace........... pass
14. propget............... pass
15. propnullns............ pass
16. propget............... pass
17. prophighunicode....... pass
18. propget............... pass
19. propremoveset......... pass
20. propget............... pass
21. propsetremove......... pass
22. propget............... pass
23. propvalnspace......... pass
24. propwformed........... pass
25. propinit.............. pass
26. propmanyns............ pass
27. propget............... pass
28. propcleanup........... pass
29. finish................ pass
<- summary for `props': of 30 tests run: 30 passed, 0 failed. 100.0%
-> running `locks':
 0. init.................. pass
 1. begin................. pass
 2. options............... pass
 3. precond............... pass
 4. init_locks............ pass
 5. put................... pass
 6. lock_excl............. pass
 7. discover.............. pass
 8. refresh............... pass
 9. notowner_modify....... pass
10. notowner_lock......... pass
11. owner_modify.......... pass
12. notowner_modify....... pass
13. notowner_lock......... pass
14. copy.................. pass
15. cond_put.............. pass
16. fail_cond_put......... pass
17. cond_put_with_not..... pass
18. cond_put_corrupt_token pass
19. complex_cond_put...... pass
20. fail_complex_cond_put. pass
21. unlock................ pass
22. fail_cond_put_unlocked pass
23. lock_shared........... pass
24. notowner_modify....... pass
25. notowner_lock......... pass
26. owner_modify.......... pass
27. double_sharedlock..... pass
28. notowner_modify....... pass
29. notowner_lock......... pass
30. unlock................ pass
31. prep_collection....... pass
32. lock_collection....... pass
33. owner_modify.......... pass
34. notowner_modify....... pass
35. refresh............... pass
36. indirect_refresh...... pass
37. unlock................ pass
38. unmapped_lock......... pass
39. unlock................ pass
40. finish................ pass
<- summary for `locks': of 41 tests run: 41 passed, 0 failed. 100.0%
-> running `http':
 0. init.................. pass
 1. begin................. pass
 2. expect100............. pass
 3. finish................ pass
<- summary for `http': of 4 tests run: 4 passed, 0 failed. 100.0%

@LukasReschke
Member Author

Hopefully summoning some reviewers: @DeepDiver1975 @icewind1991 @schiesbn @blizzz @bantu

To review this, access the WebDAV file browser (/remote.php/webdav) and verify that the headers are sent.
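
The review step above (confirming that the headers reach the WebDAV endpoint and not only template pages) can be scripted. This is an added example, not code from the pull request or from ownCloud; the header names in `REQUIRED`, the `/example.json` path and the response heads are constructed assumptions, since the page does not list which headers are moved.

```python
# Added example: audits response heads for security headers on every endpoint.
from email.parser import Parser

# Assumed header set; the PR page does not name the headers it moves.
REQUIRED = ("X-Frame-Options", "X-Content-Type-Options", "Content-Security-Policy")

def parse_head(raw):
    """Split a raw HTTP response head into (status, {lowercased name: [values]})."""
    status_line, _, block = raw.strip().replace("\r\n", "\n").partition("\n")
    headers = {}
    for name, value in Parser().parsestr(block, headersonly=True).items():
        headers.setdefault(name.lower(), []).append(value.strip())
    return int(status_line.split()[1]), headers

def missing_headers(raw, required=REQUIRED):
    """Required headers absent from one response (header names are case-insensitive)."""
    _, headers = parse_head(raw)
    return [h for h in required if h.lower() not in headers]

def audit(responses, required=REQUIRED):
    """Map each endpoint to its missing headers; fully covered endpoints are omitted."""
    report = {}
    for endpoint, raw in responses.items():
        gaps = missing_headers(raw, required)
        if gaps:
            report[endpoint] = gaps
    return report

# Constructed response heads. BEFORE models headers set only by the templates,
# AFTER models the same endpoints once a central bootstrap sets them for every request.
SEC = (
    "X-Frame-Options: SAMEORIGIN\n"
    "x-content-type-options: nosniff\n"
    "Content-Security-Policy: default-src 'self'\n"
)
BEFORE = {
    "/index.php": "HTTP/1.1 200 OK\nContent-Type: text/html\n" + SEC,
    "/remote.php/webdav/": "HTTP/1.1 207 Multi-Status\nContent-Type: application/xml\n",
    "/example.json": "HTTP/1.1 200 OK\nContent-Type: application/json\n",  # hypothetical path
}
AFTER = {path: raw + SEC if SEC not in raw else raw for path, raw in BEFORE.items()}

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

Against a live instance, feed `missing_headers` the response head captured from each endpoint type rather than the constructed samples.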

@bantu

bantu commented Apr 15, 2014

👍 Patch looks good. Didn't test.

@icewind1991
Contributor

Tested, code looks good 👍

@MorrisJobke
Contributor

👍 Tested

MorrisJobke added a commit that referenced this pull request Apr 16, 2014
@MorrisJobke MorrisJobke merged commit 5a1a056 into master Apr 16, 2014
@MorrisJobke MorrisJobke deleted the move-security-headers branch April 16, 2014 21:46
LukasReschke added a commit that referenced this pull request Apr 18, 2014
DeepDiver1975 added a commit that referenced this pull request Apr 23, 2014
icewind1991 added a commit that referenced this pull request Apr 23, 2014
LukasReschke added a commit that referenced this pull request Apr 23, 2014
@lock lock bot locked as resolved and limited conversation to collaborators Aug 25, 2019