Fix doc links in the admin settings
VicDeo committed Oct 23, 2019
1 parent 822f3e6 commit 1ca4786
Showing 2 changed files with 16 additions and 3 deletions.
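--- a/changelog/unreleased/36315
+++ b/changelog/unreleased/36315
@@ -0,0 +1,6 @@
+Fix links in setupchecks.js
+
+Security tips at Settings -> Admin -> General had two broken links to the owncloud docs in the messages performing HTTPS and HSTS checks
+
+https://github.com/owncloud/core/pull/36315
+https://github.com/owncloud/core/issues/36238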
13 changes: 10 additions & 3 deletions core/js/setupchecks.js
@@ -272,6 +272,9 @@
var messages = [];

if (xhr.status === 200) {
var oc_defaults = oc_defaults || {};
var docPlaceholderUrl = oc_defaults.docPlaceholderUrl || '';

if(OC.getProtocol() === 'https') {
// Extract the value of 'Strict-Transport-Security'
var transportSecurityValidity = xhr.getResponseHeader('Strict-Transport-Security');
@@ -283,17 +286,21 @@
transportSecurityValidity = transportSecurityValidity.substring(8);
}
}

var minimumSeconds = 15552000;
if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) {
messages.push({
msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}" rel="noreferrer">security tips</a>.', {'seconds': minimumSeconds, docUrl: '#admin-tips'}),
msg: t('core',
'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}" rel="noreferrer">security tips</a>.',
{'seconds': minimumSeconds, docUrl: docPlaceholderUrl.replace('PLACEHOLDER', 'enable-http-strict-transport-security')}
),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
} else {
messages.push({
msg: t('core', 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="{docUrl}">security tips</a>.', {docUrl: '#admin-tips'}),
msg: t('core',
'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our <a href="{docUrl}">security tips</a>.',
{docUrl: docPlaceholderUrl.replace('PLACEHOLDER', 'use-https')}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
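Review bot: `var oc_defaults = oc_defaults || {};` in the `xhr.status === 200` branch is hoisted to the enclosing function, so the right-hand side reads the new local (still `undefined`) rather than any page-level `oc_defaults`, and `docPlaceholderUrl` appears to always end up as `''`. Both the HSTS and the HTTPS warning would then render with an empty `href`, so the admin still cannot reach the hardening guidance these checks point to. Assuming `oc_defaults` is a global set by the page, read it without redeclaring, e.g. `var docPlaceholderUrl = (window.oc_defaults || {}).docPlaceholderUrl || '';`. Now that both links target an external docs site, the HTTPS message's anchor could also carry the `rel="noreferrer"` that the HSTS one already has. The enclosing function starts and ends outside the visible hunks, so the scoping should be confirmed there.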