Because we're closing the session now before controllers are executed there are cases where we cannot write the session.
use OCP\IRequest;
use OCP\ILogger;
use OCP\AppFramework\Controller;
+use OCP\Util;
/**
}
}
+ // CSRF check - also registers the CSRF token since the session may be closed later
+ Util::callRegister();
if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
if(!$this->request->passesCSRFCheck()) {
throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);