tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-04-08 17:15:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,109 Commits 120 Branches 75 Tags
Commit Graph

14109 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Johannes Meyer
a9b0e1e2d2 css: Hide details marker of collapsibles in Safari 
In Chrome the marker was already invisible since normalize.css
applies `display:block` to `summary`. Hence we should also disable
the marker by default in Safari.

fixes https://github.com/Icinga/icingaweb2-module-businessprocess/issues/406
 2023-08-31 13:05:19 +02:00
Johannes Meyer
c027282d8c Test: Load a module's composer autoloader 2023-08-31 10:18:37 +02:00
Sukhwinder Dhillon
3c3437dafa Github Actions: Do not cancel further tests if one fails 2023-08-30 16:25:32 +02:00
Sukhwinder Dhillon
f283c81ed2 ActionController: Always read icingaweb config for csp 
Method `$this->Config()` returns config based of current module.
 2023-08-30 10:04:46 +02:00
Johannes Meyer
c3b1ad12ab loader.js: Don't update history for redirects 
A redirect now also does NOT:

* Remove `.impact` from the container
* Try to set a menu item active..

fixes #4879
 2023-08-29 15:02:44 +02:00
Johannes Meyer
b201b030b2
Fix CSP violations (#5060) 2023-08-28 17:15:39 +02:00
raviks789
35b2145754 Workflow: Setup ipl/web dependency for unit test 2023-08-28 17:06:20 +02:00
raviks789
75c409703d Ignore phpstan errors related to DOMDocument or DOMElement 2023-08-28 17:06:15 +02:00
raviks789
d2a40e088d FormTest: Remove mocke Icinga\Web\Session in test testWhetherACsrfCounterMeasureIsBeingAdded() 
Since a fake session is already being instantiated in `BaseTestCase` there is no need to mock the class `Icinga\Web\Session`.
 2023-08-28 16:56:51 +02:00
raviks789
33b6c01fe2 Create fake session to write csp nonces to it 
`Csp::createnonces()` writes to a window aware session and hence a fake base session
is created in `BaseTestCase::setUp()` method
 2023-08-28 16:56:51 +02:00
raviks789
282b4d564a Add style element to SVGs 
The ruleset returned by `Styleable::getStyle()` is added to the SVG.
 2023-08-28 16:56:51 +02:00
raviks789
97a14d7b18 Modify Styleable to avoid using static inline styles 
To prevent CSP violation the following changes has been made in `Styleable::class`:
1) `Styleable::getStyle()` method is modified to return `ipl\Web\Style::class`
2) `Styleable::additionalStyle` property type is changed to array
3) `Styleable::setAdditionalStyle()` parameter type is changed to array
 2023-08-28 16:56:49 +02:00
raviks789
4e8107c231 RoleForm: Replace static inline styles with css class 
The static inline style for resetriction text element is replaced with css class `role-restriction-text`
to avoid Content-Security-Policy violations.
 2023-08-28 16:40:37 +02:00
raviks789
afd2a65df6 Add nonce attribute to <style> elements 
`nonce` attribute needs to be set on the style elements to avoid CSP violations.
 2023-08-28 16:40:37 +02:00
raviks789
da1bf7048d Remove inline scripts 
Remove inline scripts present in `layout.phtml` and `logout.phtml` to prevent CSP violation.
 2023-08-28 16:40:37 +02:00
raviks789
33a5f765b9 Use style element to create css class for dynamic inline style 
The `style` element with `nonce` attribute is used to create css classes for
inline styles that are not static. This prevents Content-Security-Policy violations.
 2023-08-28 16:40:33 +02:00
raviks789
459f4198c3 Replace static inline styles with css class 
The static inline styles are replaced with css class to avoid Content-Security-Policy violations.
 2023-08-28 16:30:12 +02:00
Johannes Meyer
511f507c60
Allow Enabling Strict Content Security Policy (CSP) (#5059) 2023-08-28 16:15:09 +02:00
Yonas Habteab
6f39194b0c Add CSP documentation 2023-08-28 16:01:52 +02:00
Yonas Habteab
3b7f054534 Initiate full page reload upon CSP config change 2023-08-28 12:42:32 +02:00
Johannes Meyer
e3ebe109eb Enable strict CSP if configured 2023-08-28 12:42:32 +02:00
Eric Lippmann
1cd1b500b3 Add helper to enable strict CSP 2023-08-28 12:42:32 +02:00
Eric Lippmann
0bac6cfe07 Config: Add setting to enable strict CSP 2023-08-24 16:02:06 +02:00
Johannes Meyer
6c68578a6c
Github Actions: Add PhpStan (#5040) 
Blocked by: #5061 
closes #5052, https://github.com/Icinga/icingaweb2/pull/4920,
https://github.com/Icinga/icingaweb2/pull/5003
 2023-08-23 11:53:21 +02:00
Sukhwinder Dhillon
2818757bc6 phpstan: Ignore LdapCapabilities/LdapConnection errors 
- ldap_connect() returns `LDAP\Connection` in php >= 81
 2023-08-23 11:37:00 +02:00
Sukhwinder Dhillon
fe24d7809f Phpstan: Set level to max and add baseline file 
- Remove already default flags in `max` level
- Don't ingnore Zend_* errors explicitly (added to baseline)
 2023-08-23 11:37:00 +02:00
Sukhwinder Dhillon
3f3f0a1f67 GlobFilter::__construct(): Add possible param type hint 2023-08-23 11:37:00 +02:00
Sukhwinder Dhillon
0cf97d5825 Workflow: clone the remote head, regardless of the branch name 2023-08-23 11:36:30 +02:00
raviks789
9887a2d622 ConfigTest: Define property $oldConfigDir 
Use of dynamic property is deprecated since PHP 8.2
 2023-08-23 10:53:15 +02:00
Yonas Habteab
a82e3b2320 Stylable: Fix strokeWidth type hint declaration 2023-08-23 10:53:15 +02:00
Yonas Habteab
55b4a5eb63 StaticController: Pass only strings to str_pad as first argument 2023-08-23 10:53:15 +02:00
Yonas Habteab
a965b5c44b Fix argument type hints 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
ffe84507f9 Host/Servie::getDataView(): Fix return class name case 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
2fa9aaedb0 (Host/Service)status: Fix class name case 2023-08-23 10:53:15 +02:00
raviks789
19151763af UrlParams: Fix parameter types of addValues() method 2023-08-23 10:53:15 +02:00
raviks789
eed1b0a680 Url: Fix type of parameter $values of with() method 2023-08-23 10:53:15 +02:00
raviks789
6353f79528 VersionCommand: Avoid using deprecated ${} string interpolation 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
fd984c5798 Loader: Fix Variable '$obj' is probably undefined 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
17c2a19e28 ObjectList: Pass the correct value to unset() 
- $featureStatus is an associative array
 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
e3ce1c4b2d (Hosts/Services)Controller: Cannot check ObjectList instance with ! empty() 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
5d5b767afe Setup Module (finish.phtml): Add empty array if $report is null 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
6f04c54f3c ListController::createTabs(): Add missing return statement 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
907486ccac NavigationItemRenderer::setOptions(): Add missing return statement 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
66c4fc404e LocalFileStorage::create(): Add missing return statement 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
ee9d139a3a PhpDoc: Fix incorrect @param and @return type hints 2023-08-23 10:53:15 +02:00
Sukhwinder Dhillon
8d55385e38 HealthController: Add return statement in new line because render() returns nothing 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon
63556849c9 HostnotificationQuery: Fix Variable '$$concattedContacts' is probably undefined 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon
8960324fcd ResourceStep: Fix Variable '$dbHtml, $ldapHtml' are probably undefined 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon
e5981ed2b5 GeneralConfigStep: Fix Variable '$typeDescription, $typeSpecificHtml' are probably undefined 2023-08-23 10:53:14 +02:00
Sukhwinder Dhillon
07e272f3cc RequirementsRenderer: Add $tags explicitly as non-dynamic property 2023-08-23 10:53:14 +02:00