fix(status): Avoid session creation for status requests

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

diff --git a/lib/base.php b/lib/base.php
index 53231999e8187de7bda890e09729fd805ea69fa5..ef58bdcefb2518a98f709ef47e57bd26c0e22703 100644 (file)
--- a/lib/base.php
+++ b/lib/base.php
@@ -363,6 +363,13 @@ class OC {
        public static function initSession(): void {
                $request = Server::get(IRequest::class);
 
+               // Do not initialize sessions for 'status.php' requests
+               // Monitoring endpoints can quickly flood session handlers
+               // and 'status.php' doesn't require sessions anyway
+               if (str_ends_with($request->getRequestUri(), '/status.php')) {
+                       return;
+               }
+
                // TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies
                // TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments
                // TODO: for further information.
@@ -790,7 +797,7 @@ class OC {
                                $isScssRequest = true;
                        }
 
-                       if (substr($request->getRequestUri(), -11) === '/status.php') {
+                       if (str_ends_with($request->getRequestUri(), '/status.php')) {
                                http_response_code(400);
                                header('Content-Type: application/json');
                                echo '{"error": "Trusted domain error.", "code": 15}';