From e70249e0896c49cd04365dc7bd088dab8bc6d5dd Mon Sep 17 00:00:00 2001 From: Holger Hees Date: Mon, 13 Jan 2020 17:53:08 +0100 Subject: [PATCH] Update SecurityMiddleware.php OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header. in other areas OC::$WEBROOT is always used together with an / --- .../AppFramework/Middleware/Security/SecurityMiddleware.php | 2 +- .../AppFramework/Middleware/Security/SecurityMiddlewareTest.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index 5eb1d7f30b..089f358945 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -211,7 +211,7 @@ class SecurityMiddleware extends Middleware { public function afterException($controller, $methodName, \Exception $exception): Response { if ($exception instanceof SecurityException) { if ($exception instanceof StrictCookieMissingException) { - return new RedirectResponse(\OC::$WEBROOT); + return new RedirectResponse(\OC::$WEBROOT . '/'); } if (stripos($this->request->getHeader('Accept'),'html') === false) { $response = new JSONResponse( diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php index 306ee9f841..69f1aa5d54 100644 --- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php +++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php @@ -535,7 +535,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { new StrictCookieMissingException() ); - $expected = new RedirectResponse(\OC::$WEBROOT); + $expected = new RedirectResponse(\OC::$WEBROOT . '/'); $this->assertEquals($expected , $response); }