Merge pull request #278 from magento-extensibility/bugfix

[Extensibility] Bug Mania

.htaccess

@@ -285,10 +285,3 @@
 ## http://developer.yahoo.com/performance/rules.html#etags
 
     #FileETag none
-
-############################################
-## Add custom headers
-<IfModule mod_headers.c>
-    Header set X-Content-Type-Options "nosniff"
-    Header set X-XSS-Protection "1; mode=block"
-</IfModule>

app/code/Magento/Backend/etc/adminhtml/di.xml

@@ -127,7 +127,7 @@
             </argument>
         </arguments>
     </type>
-    <type name="Magento\Framework\App\Response\Header\XFrameOptions">
+    <type name="Magento\Framework\App\Response\HeaderProvider\XFrameOptions">
         <arguments>
             <argument name="xFrameOpt" xsi:type="const">Magento\Framework\App\Response\HeaderProvider\XFrameOptions::BACKEND_X_FRAME_OPT</argument>
         </arguments>

app/code/Magento/Cron/etc/adminhtml/system.xml

@@ -9,8 +9,8 @@
     <system>
         <section id="system">
             <group id="cron" translate="label comment" type="text" sortOrder="15" showInDefault="1" showInWebsite="0" showInStore="0">
-                <label>Cron (Scheduled Tasks) - all the times are in minutes</label>
-                <comment>For correct URLs generated during cron runs please make sure that Web &gt; Secure and Unsecure Base URLs are explicitly set.</comment>
+                <label>Cron (Scheduled Tasks)</label>
+                <comment>For correct URLs generated during cron runs please make sure that Web &gt; Secure and Unsecure Base URLs are explicitly set. All the times are in minutes.</comment>
                 <group id="template" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="0" showInStore="0">
                     <label>Cron configuration options for group: </label>
                     <field id="schedule_generate_every" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="0" showInStore="0">

app/code/Magento/Cron/i18n/en_US.csv

@@ -2,8 +2,8 @@
 Daily,Daily
 Weekly,Weekly
 Monthly,Monthly
-"Cron (Scheduled Tasks) - all the times are in minutes","Cron (Scheduled Tasks) - all the times are in minutes"
-"For correct URLs generated during cron runs please make sure that Web > Secure and Unsecure Base URLs are explicitly set.","For correct URLs generated during cron runs please make sure that Web > Secure and Unsecure Base URLs are explicitly set."
+"Cron (Scheduled Tasks)","Cron (Scheduled Tasks)"
+"For correct URLs generated during cron runs please make sure that Web > Secure and Unsecure Base URLs are explicitly set. All the times are in minutes.","For correct URLs generated during cron runs please make sure that Web > Secure and Unsecure Base URLs are explicitly set. All the times are in minutes."
 "Cron configuration options for group: ","Cron configuration options for group: "
 "Generate Schedules Every","Generate Schedules Every"
 "Schedule Ahead for","Schedule Ahead for"

app/code/Magento/PageCache/etc/frontend/di.xml

@@ -9,7 +9,6 @@
     <type name="Magento\Framework\App\FrontControllerInterface">
         <plugin name="front-controller-builtin-cache" type="Magento\PageCache\Model\App\FrontController\BuiltinPlugin"/>
         <plugin name="front-controller-varnish-cache" type="Magento\PageCache\Model\App\FrontController\VarnishPlugin"/>
-        <plugin name="front-controller-message-box" type="Magento\PageCache\Model\App\FrontController\MessageBox" sortOrder="0"/>
     </type>
     <type name="Magento\Framework\Controller\ResultInterface">
         <plugin name="result-builtin-cache" type="Magento\PageCache\Model\Controller\Result\BuiltinPlugin"/>

app/code/Magento/PageCache/view/frontend/web/js/page-cache.js

@@ -51,28 +51,6 @@ define([
         return elements;
     };
 
-    /**
-     * MsgBox Widget checks if message box is displayed and sets cookie
-     */
-    $.widget('mage.msgBox', {
-        options: {
-            msgBoxCookieName: 'message_box_display',
-            msgBoxSelector: '.main div.messages'
-        },
-
-        /**
-         * Creates widget 'mage.msgBox'
-         * @private
-         */
-        _create: function () {
-            if ($.mage.cookies.get(this.options.msgBoxCookieName)) {
-                $.mage.cookies.clear(this.options.msgBoxCookieName);
-            } else {
-                $(this.options.msgBoxSelector).hide();
-            }
-        }
-    });
-
     /**
      * FormKey Widget - this widget is generating from key, saves it to cookie and
      */
@@ -272,14 +250,12 @@ define([
 
     domReady(function () {
         $('body')
-            .msgBox()
             .formKey();
     });
 
     return {
         'pageCache': $.mage.pageCache,
-        'formKey': $.mage.formKey,
-        'msgBox': $.mage.msgBox
+        'formKey': $.mage.formKey
     };
 
     /**

app/code/Magento/Store/Model/HeaderProvider/Hsts.php

@@ -18,14 +18,14 @@ class Hsts extends \Magento\Framework\App\Response\HeaderProvider\AbstractHeader
      *
      * @var string
      */
-    protected $name = 'Strict-Transport-Security';
+    protected $headerName = 'Strict-Transport-Security';
 
     /**
      * Strict-Transport-Security (HSTS) header value
      *
      * @var string
      */
-    protected $value = 'max-age=31536000';
+    protected $headerValue = 'max-age=31536000';
 
     /**
      * @var \Magento\Framework\App\Config\ScopeConfigInterface

app/code/Magento/Store/Model/HeaderProvider/UpgradeInsecure.php

@@ -18,14 +18,14 @@ class UpgradeInsecure extends \Magento\Framework\App\Response\HeaderProvider\Abs
      *
      * @var string
      */
-    protected $name = 'Content-Security-Policy';
+    protected $headerName = 'Content-Security-Policy';
 
     /**
      * Upgrade Insecure Requests header value
      *
      * @var string
      */
-    protected $value = 'upgrade-insecure-requests';
+    protected $headerValue = 'upgrade-insecure-requests';
 
     /**
      * @var \Magento\Framework\App\Config\ScopeConfigInterface

app/code/Magento/Store/etc/di.xml

@@ -318,6 +318,8 @@
             <argument name="headerProviderList" xsi:type="array">
                 <item name="HSTSHeader" xsi:type="object">Magento\Store\Model\HeaderProvider\Hsts</item>
                 <item name="upgrade-insecure-requests" xsi:type="object">Magento\Store\Model\HeaderProvider\UpgradeInsecure</item>
+                <item name="x-content-type-options" xsi:type="object">Magento\Framework\App\Response\HeaderProvider\XContentTypeOptions</item>
+                <item name="x-xss-protection" xsi:type="object">Magento\Framework\App\Response\HeaderProvider\XssProtection</item>
             </argument>
         </arguments>
     </type>