commit
8a7d450fb5
|
@ -153,7 +153,7 @@ class SecurityMiddleware extends Middleware {
|
||||||
*/
|
*/
|
||||||
if(!$this->request->passesCSRFCheck() && !(
|
if(!$this->request->passesCSRFCheck() && !(
|
||||||
$controller instanceof OCSController &&
|
$controller instanceof OCSController &&
|
||||||
$this->request->getHeader('OCS_APIREQUEST') === true)) {
|
$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
|
||||||
throw new CrossSiteRequestForgeryException();
|
throw new CrossSiteRequestForgeryException();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
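Review bot: The OCS exemption in this condition has no comment explaining why a request header may stand in for the CSRF token, and with the corrected header name and the string comparison `=== 'true'` the exemption can now actually match a request. The previous form compared the header with boolean `true`, which a string-valued header presumably never equalled, so this is the point where the bypass becomes reachable. I would add above the `if`: `// OCS controllers may skip the token check only with "OCS-APIREQUEST: true"; a plain cross-site form cannot set custom headers, so CORS must never allow this header for untrusted origins.` The CORS handling is not visible here, so that assumption needs confirming against the rest of the middleware. The enclosing method starts outside the hunk.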
@ -383,7 +383,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
||||||
[$controller, true, true],
|
[$controller, true, true],
|
||||||
|
|
||||||
[$ocsController, false, true],
|
[$ocsController, false, true],
|
||||||
[$ocsController, true, true],
|
[$ocsController, true, false],
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -396,6 +396,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
|
||||||
public function testCsrfOcsController(Controller $controller, $hasOcsApiHeader, $exception) {
|
public function testCsrfOcsController(Controller $controller, $hasOcsApiHeader, $exception) {
|
||||||
$this->request
|
$this->request
|
||||||
->method('getHeader')
|
->method('getHeader')
|
||||||
|
->with('OCS-APIREQUEST')
|
||||||
->willReturn($hasOcsApiHeader ? 'true' : null);
|
->willReturn($hasOcsApiHeader ? 'true' : null);
|
||||||
$this->request->expects($this->once())
|
$this->request->expects($this->once())
|
||||||
->method('passesStrictCookieCheck')
|
->method('passesStrictCookieCheck')
|
||||||
|
|
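Review bot: The provider rows and the stub in `testCsrfOcsController` cover only two header states, since `willReturn($hasOcsApiHeader ? 'true' : null)` yields either `'true'` or `null`. Nothing pins that an OCS controller still gets the `CrossSiteRequestForgeryException` when the header is present with some other value (constructed examples: `'false'`, `'True'`). The middleware check is a strict `=== 'true'`, so that fail-closed case is the security-relevant one and deserves its own row, for instance by passing the header value itself through the provider instead of a boolean. The data provider and the test method both start outside the visible hunks, so an existing case elsewhere cannot be ruled out.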