mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add exemptions for incompatible UAs 

Some user agents are notorious and don't really properly follow HTTP
 specifications. For those, have an automated opt-out. Since the protection
for remote.php is applied in base.php as starting point we need to opt out
here.
This commit is contained in:
Lukas Reschke 2016-09-08 17:14:32 +02:00
parent 520bfa872b
commit 1914e7082a
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/base.php
View File

@ -506,8 +506,22 @@ class OC {
* also we can't directly interfere with PHP's session mechanism.
*/
private static function performSameSiteCookieProtection() {
$request = \OC::$server->getRequest();
// Some user agents are notorious and don't really properly follow HTTP
// specifications. For those, have an automated opt-out. Since the protection
// for remote.php is applied in base.php as starting point we need to opt out
// here.
$incompatibleUserAgents = [
// OS X Finder
'/^WebDAVFS/',
];
if($request->isUserAgent($incompatibleUserAgents)) {
return;
}
if(count($_COOKIE) > 0) {
$request = \OC::$server->getRequest();
$requestUri = $request->getScriptName();
$processingScript = explode('/', $requestUri);
$processingScript = $processingScript[count($processingScript)-1];