6e16ded825
loader.js: Don't attempt to load an extra update to a closed column
2023-09-07 13:00:45 +02:00
a3c04f9108
loader.js: Allow to initiate a refresh with `__REFRESH__`
2023-09-07 12:59:53 +02:00
cdfe7e9aba
loader.js: Don't refresh twice upon `__CLOSE__` ( #5106 )
2023-09-07 12:50:13 +02:00
8f5b62f532
loader.js: Perform a proper redirect upon `__CLOSE__`
...
This allows the temporary adjustment of the autorefresh
interval.
2023-09-07 12:07:48 +02:00
03f62887b8
loader.js: Don't refresh twice upon `__CLOSE__`
2023-09-07 09:42:05 +02:00
648cdd7ef4
Fix incorrect message for invalid states
2023-09-07 09:37:51 +02:00
7c6c793ac3
Fix:Remove detail url when no item selected ( #5055 )
...
fixes #5053
2023-09-07 09:32:11 +02:00
9dd21841a3
loader.js: Push current state to history only on `onComplete`.
...
- Previously, in case of `abort` the url was already pushed to history at the beginning of `onFailure`, setting `addToHistory` to true only prevents it from being added twice (again in `onComplete`).
- Now we only push the url to history in `onComplete`, so setting `addToHistory` to false is only necessary if req is scripted.
- We intentionally push the canceled url into history to continue navigating with the browser`s back/forward key.
2023-09-07 09:22:24 +02:00
d794439537
ui.js: Update browser address bar url when container closes
...
`stopPendingRequestsFor()` cancel the pending request but push the canceled url to history (by calling `loader::OnFailure` internally).
Now the `icingaUrl` is set again, remove it and push again the current state to history.
2023-09-07 09:22:24 +02:00
f3f35f86fd
ui.js: Add event `column-moved`
...
- Param1 is the event itself (event.target.id == #col where the content is moved)
- Param2 is the soucre col id, form which the content is moved
2023-09-07 08:57:37 +02:00
0424c66a9c
Make `host` optional for `oci` database resources ( #5063 )
...
`oci` uses Zend's `Oracle` adapter, which does not use this setting at
all.
fixes #5062
2023-09-07 08:56:54 +02:00
b693369412
Fix class in `Platform::hasOracleSupport()`
2023-09-07 08:51:22 +02:00
1b91a93e34
Make `host` optional for `oci` database resources
...
`oci` uses Zend's `Oracle` adapter, which does not use this setting at
all.
2023-09-07 08:51:22 +02:00
e66f76e881
configure landing page using environment variable
2023-09-07 08:49:21 +02:00
d8e313af6c
JsonResponse: Fix documentation of `sendResponse`
2023-09-05 16:19:41 +02:00
ac928387e6
Fix CSP link in configuration documentation
2023-09-04 12:09:39 +02:00
38dc9a8010
PHPStan Baseline: Remove `ipl\Html\BaseHtmlElement::$defaultAttributes` type hint error patterns
2023-09-04 09:03:40 +02:00
a9b0e1e2d2
css: Hide details marker of collapsibles in Safari
...
In Chrome the marker was already invisible since normalize.css
applies `display:block` to `summary`. Hence we should also disable
the marker by default in Safari.
fixes https://github.com/Icinga/icingaweb2-module-businessprocess/issues/406
2023-08-31 13:05:19 +02:00
c027282d8c
Test: Load a module's composer autoloader
2023-08-31 10:18:37 +02:00
3c3437dafa
Github Actions: Do not cancel further tests if one fails
2023-08-30 16:25:32 +02:00
f283c81ed2
ActionController: Always read icingaweb config for csp
...
Method `$this->Config()` returns config based of current module.
2023-08-30 10:04:46 +02:00
c3b1ad12ab
loader.js: Don't update history for redirects
...
A redirect now also does NOT:
* Remove `.impact` from the container
* Try to set a menu item active..
fixes #4879
2023-08-29 15:02:44 +02:00
b201b030b2
Fix CSP violations ( #5060 )
2023-08-28 17:15:39 +02:00
35b2145754
Workflow: Setup `ipl/web` dependency for unit test
2023-08-28 17:06:20 +02:00
75c409703d
Ignore phpstan errors related to `DOMDocument` or `DOMElement`
2023-08-28 17:06:15 +02:00
d2a40e088d
`FormTest`: Remove mocke `Icinga\Web\Session` in test `testWhetherACsrfCounterMeasureIsBeingAdded()`
...
Since a fake session is already being instantiated in `BaseTestCase` there is no need to mock the class `Icinga\Web\Session`.
2023-08-28 16:56:51 +02:00
33b6c01fe2
Create fake session to write csp nonces to it
...
`Csp::createnonces()` writes to a window aware session and hence a fake base session
is created in `BaseTestCase::setUp()` method
2023-08-28 16:56:51 +02:00
282b4d564a
Add `style` element to SVGs
...
The ruleset returned by `Styleable::getStyle()` is added to the SVG.
2023-08-28 16:56:51 +02:00
97a14d7b18
Modify `Styleable` to avoid using static inline styles
...
To prevent CSP violation the following changes has been made in `Styleable::class`:
1) `Styleable::getStyle()` method is modified to return `ipl\Web\Style::class`
2) `Styleable::additionalStyle` property type is changed to array
3) `Styleable::setAdditionalStyle()` parameter type is changed to array
2023-08-28 16:56:49 +02:00
4e8107c231
RoleForm: Replace static inline styles with css class
...
The static inline style for resetriction text element is replaced with css class `role-restriction-text`
to avoid Content-Security-Policy violations.
2023-08-28 16:40:37 +02:00
afd2a65df6
Add `nonce` attribute to `<style>` elements
...
`nonce` attribute needs to be set on the style elements to avoid CSP violations.
2023-08-28 16:40:37 +02:00
da1bf7048d
Remove inline scripts
...
Remove inline scripts present in `layout.phtml` and `logout.phtml` to prevent CSP violation.
2023-08-28 16:40:37 +02:00
33a5f765b9
Use `style` element to create css class for dynamic inline style
...
The `style` element with `nonce` attribute is used to create css classes for
inline styles that are not static. This prevents Content-Security-Policy violations.
2023-08-28 16:40:33 +02:00
459f4198c3
Replace static inline styles with css class
...
The static inline styles are replaced with css class to avoid Content-Security-Policy violations.
2023-08-28 16:30:12 +02:00
511f507c60
Allow Enabling Strict Content Security Policy (CSP) ( #5059 )
2023-08-28 16:15:09 +02:00
6f39194b0c
Add `CSP` documentation
2023-08-28 16:01:52 +02:00
3b7f054534
Initiate full page reload upon `CSP` config change
2023-08-28 12:42:32 +02:00
e3ebe109eb
Enable strict CSP if configured
2023-08-28 12:42:32 +02:00
1cd1b500b3
Add helper to enable strict CSP
2023-08-28 12:42:32 +02:00
0bac6cfe07
Config: Add setting to enable strict CSP
2023-08-24 16:02:06 +02:00
6c68578a6c
Github Actions: Add PhpStan ( #5040 )
...
Blocked by: #5061
closes #5052 , https://github.com/Icinga/icingaweb2/pull/4920 ,
https://github.com/Icinga/icingaweb2/pull/5003
2023-08-23 11:53:21 +02:00
2818757bc6
phpstan: Ignore `LdapCapabilities/LdapConnection` errors
...
- ldap_connect() returns `LDAP\Connection` in php >= 81
2023-08-23 11:37:00 +02:00
fe24d7809f
Phpstan: Set level to max and add baseline file
...
- Remove already default flags in `max` level
- Don't ingnore Zend_* errors explicitly (added to baseline)
2023-08-23 11:37:00 +02:00
3f3f0a1f67
GlobFilter::__construct(): Add possible param type hint
2023-08-23 11:37:00 +02:00
0cf97d5825
Workflow: clone the remote `head`, regardless of the branch name
2023-08-23 11:36:30 +02:00
9887a2d622
`ConfigTest`: Define property `$oldConfigDir`
...
Use of dynamic property is deprecated since PHP 8.2
2023-08-23 10:53:15 +02:00
a82e3b2320
Stylable: Fix `strokeWidth` type hint declaration
2023-08-23 10:53:15 +02:00
55b4a5eb63
StaticController: Pass only strings to `str_pad` as first argument
2023-08-23 10:53:15 +02:00
a965b5c44b
Fix argument type hints
2023-08-23 10:53:15 +02:00
ffe84507f9
Host/Servie::getDataView(): Fix return class name case
2023-08-23 10:53:15 +02:00
Johannes Meyer
Sukhwinder Dhillon
Eric Lippmann
Tobias Tiederle
raviks789
Yonas Habteab