author | Lukas Reschke <lukas@statuscode.ch> | 2016-09-08 17:14:32 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2016-09-08 17:20:46 +0200 |
commit | 6ac890812f00c3de534d55b4452612b9d2c48d59 (patch) | |
tree | 4a494ee707b0a0b9a3c085e94836ba97fc19da31 | |
parent | fd6ed3aacc86816e96f490b7a4ac3b8144ab7a8e (diff) | |
Add exemptions for incompatible UAs
Some user agents are notorious and don't really properly follow HTTP
specifications. For those, have an automated opt-out. Since the protection
for remote.php is applied in base.php as starting point we need to opt out
here.
-rw-r--r-- | lib/base.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php
index 08fa229e570..b2e45595a3e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -506,8 +506,22 @@ class OC {
 * also we can't directly interfere with PHP's session mechanism.
 */
 private static function performSameSiteCookieProtection() {
+ $request = \OC::$server->getRequest();
+
+ // Some user agents are notorious and don't really properly follow HTTP
+ // specifications. For those, have an automated opt-out. Since the protection
+ // for remote.php is applied in base.php as starting point we need to opt out
+ // here.
+ $incompatibleUserAgents = [
+ // OS X Finder
+ '/^WebDAVFS/',
+ ];
+ if($request->isUserAgent($incompatibleUserAgents)) {
+ return;
+ }
+
+
 if(count($_COOKIE) > 0) {
- $request = \OC::$server->getRequest();
 $requestUri = $request->getScriptName();
 $processingScript = explode('/', $requestUri);
 $processingScript = $processingScript[count($processingScript)-1]; |
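Review bot: The opt-out returns before the script name is examined, so a request whose User-Agent matches `/^WebDAVFS/` skips the same-site cookie check on every entry point this function handles, not only on remote.php as the added comment describes. The User-Agent header is supplied by the client, so the exemption should be as narrow as the compatibility problem: consider moving the test to after `$processingScript` is computed and returning only for the WebDAV endpoint, e.g. `if ($processingScript === 'remote.php' && $request->isUserAgent($incompatibleUserAgents)) { return; }`. If the broad form is intended, the comment should say that the check is skipped for all scripts and why that is acceptable for a header the client controls. The body of performSameSiteCookieProtection continues past the end of the hunk, so how each script is treated afterwards is not visible here.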