Merge pull request #37316 from nextcloud/fix/security/strict-cookie-check-status-codes

fix(security)!: Use consistent HTTP status for strict cookie checks
Simon L 2023-04-18 11:39:18 +07:00 committed by GitHub
commit 5f879a705b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions

@ -570,7 +570,9 @@ class OC {
// Debug mode gets access to the resources without strict cookie
// due to the fact that the SabreDAV browser also lives there.
if (!$config->getSystemValue('debug', false)) {
http_response_code(\OCP\AppFramework\Http::STATUS_SERVICE_UNAVAILABLE);
http_response_code(\OCP\AppFramework\Http::STATUS_PRECONDITION_FAILED);
header('Content-Type: application/json');
echo json_encode(['error' => 'Strict Cookie has not been found in request']);
exit();
}
}
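Review bot: The new `http_response_code(\OCP\AppFramework\Http::STATUS_PRECONDITION_FAILED);` line has no comment saying why 412 is used, although the commit is marked breaking and clients that matched on 503 will now behave differently. A short comment above it would keep a later change from reintroducing the mismatch, for example `// 412 keeps this in line with the other strict cookie checks; 503 would be indistinguishable from an unavailable server`. The surrounding comment also shows that the check is skipped entirely when `debug` is true, so it is worth stating there that this CSRF-style protection is off in debug mode and that `debug` should stay disabled in production. The enclosing block starts outside the hunk, so any logging of the rejection before `exit()` cannot be judged from here.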

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*