source.dussan.org Git - nextcloud-server.git/commit

author	Patrick Conrad <conrad@iza.org>
	Mon, 15 Oct 2018 12:25:08 +0000 (14:25 +0200)
committer	Patrick Conrad <conrad@iza.org>
	Wed, 24 Oct 2018 06:50:26 +0000 (08:50 +0200)
commit	bae42072468420d690d42f676f7f06be7e30a52f
tree	f80e560e776beff25f8d12fd57fc3dbea7ccb068	tree \| snapshot
parent	a13d936c35f1ea358889cac007e717a7380bcb20	commit \| diff

Remove cookies from Clear-Site-Data Header

In https://github.com/nextcloud/server/commit/2f87fb6b456fd109c90a5093c31b7a3f62a32040 this header was introduced. The referenced documentation says:

> When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).

This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header.
This is not the behavior we want at this point!

So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.

Signed-off-by: Patrick Conrad <conrad@iza.org>
(cherry picked from commit 1806baaeafa284808cceb1a38ea2e1a9189d0407)

core/Controller/LoginController.php		diff \| blob \| history
tests/Core/Controller/LoginControllerTest.php		diff \| blob \| history