mirrors
/
nextcloud
зеркало из https://github.com/nextcloud/server.git
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Релизы 993 Вики Активность
Просмотр исходного кода

Remove cookies from Clear-Site-Data Header 

In 2f87fb6b45 this header was introduced. The referenced documentation says:

> When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).

This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header.
This is not the behavior we want at this point!

So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.

Signed-off-by: Patrick Conrad <conrad@iza.org>
tags/v15.0.0beta1
Patrick Conrad 5 лет назад
Родитель
6f835aff31
Сommit
1806baaeaf
Аккаунт пользователя с таким Email не найден
2 измененных файлов: 3 добавлений и 3 удалений
Разделённый вид Показать статистику Diff
  1. 1
    1
      core/Controller/LoginController.php
  2. 2
    2
      tests/Core/Controller/LoginControllerTest.php

+ 1
- 1
core/Controller/LoginController.php Просмотреть файл

@@ -131,7 +131,7 @@ class LoginController extends Controller {
$this->userSession->logout();

$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
$response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
$response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
return $response;
}


+ 2
- 2
tests/Core/Controller/LoginControllerTest.php Просмотреть файл

@@ -117,7 +117,7 @@ class LoginControllerTest extends TestCase {
->willReturn('/login');

$expected = new RedirectResponse('/login');
$expected->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
$expected->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
$this->assertEquals($expected, $this->loginController->logout());
}

@@ -147,7 +147,7 @@ class LoginControllerTest extends TestCase {
->willReturn('/login');

$expected = new RedirectResponse('/login');
$expected->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
$expected->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
$this->assertEquals($expected, $this->loginController->logout());
}


Редактирование Предпросмотр
Загрузка…
Отмена
Сохранить