From 24801b01eb6e59cac3d3d418d60b590ce9647280 Mon Sep 17 00:00:00 2001 From: Victor Dubiniuk Date: Tue, 22 Oct 2019 17:48:00 +0300 Subject: [PATCH] Fix doc links in the admin settings --- changelog/unreleased/36315 | 6 ++++++ core/js/setupchecks.js | 12 +++++++++--- core/js/tests/specs/setupchecksSpec.js | 16 ++++++++-------- 3 files changed, 23 insertions(+), 11 deletions(-) create mode 100644 changelog/unreleased/36315 diff --git a/changelog/unreleased/36315 b/changelog/unreleased/36315 new file mode 100644 index 000000000000..4da8de878575 --- /dev/null +++ b/changelog/unreleased/36315 @@ -0,0 +1,6 @@ +Bugfix: Fix links in setupchecks.js + +Security tips at Settings -> Admin -> General had two broken links to the owncloud docs in the messages performing HTTPS and HSTS checks + +https://github.com/owncloud/core/pull/36315 +https://github.com/owncloud/core/issues/36238 diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js index dc39ecf93971..0b27d1ff7a2d 100644 --- a/core/js/setupchecks.js +++ b/core/js/setupchecks.js @@ -272,6 +272,9 @@ var messages = []; if (xhr.status === 200) { + var oc_defaults = oc_defaults || {}; + var docPlaceholderUrl = oc_defaults.docPlaceholderUrl || ''; + if(OC.getProtocol() === 'https') { // Extract the value of 'Strict-Transport-Security' var transportSecurityValidity = xhr.getResponseHeader('Strict-Transport-Security'); @@ -283,17 +286,20 @@ transportSecurityValidity = transportSecurityValidity.substring(8); } } - var minimumSeconds = 15552000; if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) { messages.push({ - msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', {'seconds': minimumSeconds, docUrl: '#admin-tips'}), + msg: t('core', + 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', + {'seconds': minimumSeconds, docUrl: docPlaceholderUrl.replace('PLACEHOLDER', 'enable-http-strict-transport-security')}), type: OC.SetupChecks.MESSAGE_TYPE_WARNING }); } } else { messages.push({ - msg: t('core', 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.', {docUrl: '#admin-tips'}), + msg: t('core', + 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.', + {docUrl: docPlaceholderUrl.replace('PLACEHOLDER', 'use-https')}), type: OC.SetupChecks.MESSAGE_TYPE_WARNING }); } diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js index 5d34e4d50c99..5e5d5c760a25 100644 --- a/core/js/tests/specs/setupchecksSpec.js +++ b/core/js/tests/specs/setupchecksSpec.js @@ -114,7 +114,7 @@ describe('OC.SetupChecks tests', function() { done(); }); }); - + it('should not return an error if data directory is protected', function(done) { var async = OC.SetupChecks.checkDataProtected(); @@ -391,7 +391,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'Error occurred while checking server setup', + msg: 'Error occurred while checking server setup', type: OC.SetupChecks.MESSAGE_TYPE_ERROR },{ msg: 'Error occurred while checking server setup', @@ -457,7 +457,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.', + msg: 'The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING, }, { msg: 'The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.', @@ -508,7 +508,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.', + msg: 'You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING }]); done(); @@ -527,7 +527,7 @@ describe('OC.SetupChecks tests', function() { ); async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'Error occurred while checking server setup', + msg: 'Error occurred while checking server setup', type: OC.SetupChecks.MESSAGE_TYPE_ERROR }, { msg: 'Error occurred while checking server setup', @@ -554,7 +554,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', + msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING }]); done(); @@ -579,7 +579,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', + msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING }]); done(); @@ -604,7 +604,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', + msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING }]); done();