Merge pull request #3787 from nextcloud/ocs-cookie

Don't require strict same-site cookies for OCS requests
pull/3798/head
Lukas Reschke 2017-03-10 18:14:38 +07:00 committed by GitHub
commit f74911b638
2 changed files with 28 additions and 0 deletions

@ -490,6 +490,9 @@ class Request implements \ArrayAccess, \Countable, IRequest {
* @return bool
*/
private function cookieCheckRequired() {
if ($this->getHeader('OCS-APIREQUEST')) {
return false;
}
if($this->getCookie(session_name()) === null && $this->getCookie('nc_token') === null) {
return false;
}
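Review bot: The new early return in cookieCheckRequired() tests only the truthiness of the OCS-APIREQUEST header, so any non-empty value other than '0' (including 'false') switches off the same-site cookie check. Comparing explicitly, `if ($this->getHeader('OCS-APIREQUEST') === 'true') {`, would limit the bypass to the value that OCS clients presumably send. Skipping the check is only safe because a browser will not attach a custom header to a cross-site request without a CORS preflight, and that assumption deserves a comment on the branch, e.g. `// Custom header cannot be set cross-site without a CORS preflight, so it stands in for the same-site cookie here`. If cookieCheckRequired() also gates passesLaxCookieCheck(), which this hunk does not show, the lax check is relaxed as well, although the commit title names only the strict one. The function body continues past the end of the hunk.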

@ -1787,6 +1787,31 @@ class RequestTest extends \Test\TestCase {
$this->assertFalse($request->passesLaxCookieCheck());
}
public function testSkipCookieCheckForOCSRequests() {
/** @var Request $request */
$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
->setMethods(['getScriptName'])
->setConstructorArgs([
[
'server' => [
'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
'HTTP_OCS_APIREQUEST' => 'true',
],
'cookies' => [
session_name() => 'asdf',
'nc_sameSiteCookiestrict' => 'false',
],
],
$this->secureRandom,
$this->config,
$this->csrfTokenManager,
$this->stream
])
->getMock();
$this->assertTrue($request->passesStrictCookieCheck());
}
/**
* @return array
*/
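Review bot: testSkipCookieCheckForOCSRequests() pins only the positive case on the strict path, with the header set to 'true' and `nc_sameSiteCookiestrict` set to 'false'. Since the bypass sits in the shared cookieCheckRequired() helper, adding `$this->assertTrue($request->passesLaxCookieCheck());` would record that the lax check is skipped too, if that is intended. A sibling case with the same cookies and 'HTTP_OCS_APIREQUEST' => 'false' would show whether the bypass is meant to apply to any header value or only to 'true'. A one-line docblock stating why OCS requests are exempt would help the next reader of this security-relevant test.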