nextcloud/tests/lib/appframework/http
Lukas Reschke 202530f4f3
Soften the cookie check if no cookies are sent
When no cookies are sent it is not required to perform any check for the strict or lax cookie, it does not provide any significant security advantage.

It does however interfer with the Android client which requests thumbnails from the unofficial API at `/index.php/apps/files/api/v1/thumbnail/256/256/{filename}`. This endpoint expects the strict cookie to be existent to not leak the existence of files. The Android client authenticates against this endpoint using Basic Auth and without cookies in some cases at least. This will make these endpoints work again with such cases.

To test this issue the following cURL command once without the patch and once with:

> curl http://localhost/index.php/apps/files/api/v1/thumbnail/256/256/welcome.txt  -u admin -v

Without the patch the request is redirected (which the client does not obey) and with the patch the preview is returned.
2016-06-15 11:50:26 +02:00
..
ContentSecurityPolicyTest.php Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
DataResponseTest.php Add blob: scheme to default CSP policy 2015-09-29 14:27:35 +02:00
DispatcherTest.php Remove dependency on ICrypto + use XOR 2015-10-21 17:33:41 +02:00
DownloadResponseTest.php Make remaining files extend the test base 2014-11-19 14:53:59 +01:00
EmptyContentSecurityPolicyTest.php Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
HttpTest.php Properly return 304 2015-09-01 11:04:41 +02:00
JSONResponseTest.php Rename data provider to avoid risky test warning 2015-09-09 12:52:54 +02:00
OCSResponseTest.php Remove duplicate and unused code 2015-08-03 21:03:11 +02:00
RedirectResponseTest.php fix unit test 2016-02-18 12:39:19 +01:00
RequestTest.php Soften the cookie check if no cookies are sent 2016-06-15 11:50:26 +02:00
ResponseTest.php Add blob: scheme to default CSP policy 2015-09-29 14:27:35 +02:00
StreamResponseTest.php AppFramework StreamResponse 2015-02-27 15:42:33 +01:00
TemplateResponseTest.php Make remaining files extend the test base 2014-11-19 14:53:59 +01:00
requeststream.php Implement PUT an PATCH support 2013-10-01 20:13:13 +02:00