Merge branch 'support/2.46.x' into support/2.48.x

2026-02-26 16:30:50 +01:00 · 2025-01-17 16:17:13 +01:00
parent c36f095ff2 a696f8f017
commit 12b291f7e5
9 changed files with 156 additions and 31 deletions
--- a/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/SecurityHeadersFilter.java
@@ -54,8 +54,8 @@ public class SecurityHeadersFilter extends HttpFilter {
      response.setHeader("X-Content-Type-Options", "nosniff");
      response.setHeader("Content-Security-Policy",
        "form-action 'self'; " +
-          "object-src 'none'; " +
-          "frame-ancestors 'none'; " +
+          "object-src 'self'; " +
+          "frame-ancestors 'self'; " +
          "block-all-mixed-content"
      );
      response.setHeader("Permissions-Policy",
--- a/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
@@ -30,6 +30,7 @@ import com.google.inject.Inject;
 import com.google.inject.Singleton;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import sonia.scm.AlreadyExistsException;
 import sonia.scm.ConfigurationException;
 import sonia.scm.HandlerEventType;
 import sonia.scm.ManagerDaoAdapter;
@@ -183,7 +184,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager {
      },
      newRepository -> {
        if (repositoryDAO.contains(newRepository.getNamespaceAndName())) {
-          throw alreadyExists(entity(newRepository.getClass(), newRepository.getNamespaceAndName().logString()));
+          throw alreadyExists(entity(newRepository.getNamespaceAndName()));
        }
      }
    );
@@ -292,10 +293,16 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager {

  public Repository rename(Repository repository, String newNamespace, String newName) {

+    NamespaceAndName newNamespaceAndName = new NamespaceAndName(newNamespace, newName);
+
    if (hasNamespaceOrNameNotChanged(repository, newNamespace, newName)) {
      throw new NoChangesMadeException(repository);
    }

+    if (this.get(newNamespaceAndName) != null){
+      throw AlreadyExistsException.alreadyExists(entity(NamespaceAndName.class, newNamespaceAndName.logString()));
+    }
+
    Repository changedRepository = repository.clone();
    if (!Strings.isNullOrEmpty(newName)) {
      changedRepository.setName(newName);
--- a/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
@@ -64,9 +64,7 @@ class ApiKeyTokenHandler {
      return of(OBJECT_MAPPER.readValue(decoder.decode(token), Token.class));
    } catch (IOException | DecodingException e) {
      LOG.debug("failed to read api token, perhaps it is a jwt token or a normal password");
-      if (LOG.isTraceEnabled()) {
-        LOG.trace("failed to parse token", e);
-      }
+      // do not print the exception here, because it could reveal password details
      return empty();
    }
  }