feat: Migrate HSTS check to Security headers SetupCheck

Signed-off-by: Côme Chilliet <[email protected]>
nextcloud · Mar 12, 2024 · 1f7d36d · 1f7d36d
1 parent 37de9de
commit 1f7d36d
Showing 1 changed file with 0 additions and 68 deletions.
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
@@ -156,73 +156,5 @@
 				})
 			}
 		},
-
-		/**
-		 * Runs generic checks on the server side, the difference to dedicated
-		 * methods is that we use the same XHR object for all checks to save
-		 * requests.
-		 *
-		 * @return $.Deferred object resolved with an array of error messages
-		 */
-		checkGeneric: function() {
-			var self = this;
-			var deferred = $.Deferred();
-			var afterCall = function(data, statusText, xhr) {
-				var messages = [];
-				messages = messages.concat(self._checkSSL(xhr));
-				deferred.resolve(messages);
-			};
-
-			$.ajax({
-				type: 'GET',
-				url: OC.generateUrl('heartbeat'),
-				allowAuthErrors: true
-			}).then(afterCall, afterCall);
-
-			return deferred.promise();
-		},
-
-		/**
-		 * Runs check for some SSL configuration issues on the server side
-		 *
-		 * @param {Object} xhr
-		 * @return {Array} Array with error messages
-		 */
-		_checkSSL: function(xhr) {
-			var messages = [];
-
-			if (xhr.status === 200) {
-				var tipsUrl = OC.theme.docPlaceholderUrl.replace('PLACEHOLDER', 'admin-security');
-				if(OC.getProtocol() === 'https') {
-					// Extract the value of 'Strict-Transport-Security'
-					var transportSecurityValidity = xhr.getResponseHeader('Strict-Transport-Security');
-					if(transportSecurityValidity !== null && transportSecurityValidity.length > 8) {
-						var firstComma = transportSecurityValidity.indexOf(";");
-						if(firstComma !== -1) {
-							transportSecurityValidity = transportSecurityValidity.substring(8, firstComma);
-						} else {
-							transportSecurityValidity = transportSecurityValidity.substring(8);
-						}
-					}
-
-					var minimumSeconds = 15552000;
-					if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) {
-						messages.push({
-							msg: t('core', 'The "Strict-Transport-Security" HTTP header is not set to at least "{seconds}" seconds. For enhanced security, it is recommended to enable HSTS as described in the {linkstart}security tips ↗{linkend}.', {'seconds': minimumSeconds})
-								.replace('{linkstart}', '<a target="_blank" rel="noreferrer noopener" class="external" href="' + tipsUrl + '">')
-								.replace('{linkend}', '</a>'),
-							type: OC.SetupChecks.MESSAGE_TYPE_WARNING
-						});
-					}
-				}
-			} else {
-				messages.push({
-					msg: t('core', 'Error occurred while checking server setup'),
-					type: OC.SetupChecks.MESSAGE_TYPE_ERROR
-				});
-			}
-
-			return messages;
-		}
 	};
 })();