Signed-off-by: provokateurin <kate@provokateurin.de>
return false;
}
+ if ($this->getHeader('OCS-APIRequest') !== '') {
+ return true;
+ }
+
if (isset($this->items['get']['requesttoken'])) {
$token = $this->items['get']['requesttoken'];
} elseif (isset($this->items['post']['requesttoken'])) {
$this->assertFalse($request->passesCSRFCheck());
}
+
+ public function testPassesCSRFCheckWithOCSAPIRequestHeader() {
+ /** @var Request $request */
+ $request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+ ->setMethods(['getScriptName'])
+ ->setConstructorArgs([
+ [
+ 'server' => [
+ 'HTTP_OCS_APIREQUEST' => 'true',
+ ],
+ ],
+ $this->requestId,
+ $this->config,
+ $this->csrfTokenManager,
+ $this->stream
+ ])
+ ->getMock();
+
+ $this->assertTrue($request->passesCSRFCheck());
+ }
}