Merge pull request #40737 from nextcloud/cors-app_api

added CORS skip if the session was created by AppAPI
Alexander Piskun 2023-10-09 13:40:29 +07:00 committed by GitHub
commit 4e8ec0bc36
1 changed files with 5 additions and 0 deletions

@ -38,6 +38,7 @@ use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Middleware;
use OCP\IRequest;
use OCP\ISession;
use OCP\Security\Bruteforce\IThrottler;
use ReflectionMethod;
@ -91,6 +92,10 @@ class CORSMiddleware extends Middleware {
if ($this->request->passesCSRFCheck()) {
return;
}
// Skip CORS check for requests with AppAPI auth.
if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('app_api') === true) {
return;
}
$this->session->logout();
try {
if ($user === null || $pass === null || !$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {
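Review bot: The new early return on `$this->session->getSession()->get('app_api') === true` skips both `$this->session->logout()` and the credential re-check on the strength of a session value alone, and nothing visible here shows where that value is set or how long it lives. If the flag can persist in a cookie-backed session beyond the request that AppAPI authenticated, a later request that fails `passesCSRFCheck()` would still be let through with the existing login, which is the case this middleware exists to stop. Confirm that the flag is set only for the request AppAPI itself authenticated and is never carried over by a browser session, and state that invariant in the comment, e.g. `// 'app_api' is set per request by AppAPI's own authentication, never from a browser cookie session, so keeping the login is safe here.` A test with the flag `true`, `false` and absent would pin the behaviour, and `getSession()` could be read once into a local instead of being called twice. The enclosing method starts and ends outside the hunk.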