diff options
| author | Vincent Petry <vincent@nextcloud.com> | 2022-08-08 17:12:40 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-08 17:12:40 +0200 |
| commit | 00a01a1f5bc680184fec1db5df40770d8e0f7592 (patch) | |
| tree | dbc5bb2b753b85d2a902df5564b0c322cb461b2f | |
| parent | cf5b7b167799a5d905cc03d2ac682ac49c99b411 (diff) | |
| parent | a1149b03781c1e552677d46c7970bceea4cc053a (diff) | |
| download | nextcloud-server-00a01a1f5bc680184fec1db5df40770d8e0f7592.tar.gz nextcloud-server-00a01a1f5bc680184fec1db5df40770d8e0f7592.zip | |
Merge pull request #33174 from nextcloud/fix/redirect-css-not-found
Do not redirect if requested font, style or script can not be found
| -rw-r--r-- | lib/base.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php index 26ad684a81a..be2567cfd33 100644 --- a/lib/base.php +++ b/lib/base.php @@ -1055,6 +1055,15 @@ class OC { return; } + // Handle resources that can't be found + // This prevents browsers from redirecting to the default page and then + // attempting to parse HTML as CSS and similar. + $destinationHeader = $request->getHeader('Sec-Fetch-Dest'); + if (in_array($destinationHeader, ['font', 'script', 'style'])) { + http_response_code(404); + return; + } + // Someone is logged in if (\OC::$server->getUserSession()->isLoggedIn()) { OC_App::loadApps(); |