authorJohn Molakvoæ <skjnldsv@users.noreply.github.com>2023-03-28 14:02:00 +0200
committerGitHub <noreply@github.com>2023-03-28 14:02:00 +0200
commit8ee52d35b82541381d23779bdce77450311166a6 (patch)
tree5a935cfc8fc818f43f5d1ff290a6e3a0395d50d3
parent7db8e222071421c90dfbcb91bfef11a22f4078b5 (diff)
parent346054f85402bcf6a2ccd9d672abf6d9194ea793 (diff)
downloadnextcloud-server-8ee52d35b82541381d23779bdce77450311166a6.tar.gz
nextcloud-server-8ee52d35b82541381d23779bdce77450311166a6.zip
Merge pull request #37405 from nextcloud/clear-site-data
Send Clear-Site-Data header and let browsers ignore it if unsupported
-rw-r--r--core/Controller/LoginController.php4
-rw-r--r--tests/Core/Controller/LoginControllerTest.php29
2 files changed, 6 insertions, 27 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index d3873d1329e..2ddba2bb98a 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -34,7 +34,6 @@ declare(strict_types=1);
*/
namespace OC\Core\Controller;
-use OC\AppFramework\Http\Request;
use OC\Authentication\Login\Chain;
use OC\Authentication\Login\LoginData;
use OC\Authentication\WebAuthn\Manager as WebAuthnManager;
@@ -125,7 +124,8 @@ class LoginController extends Controller {
$this->session->set('clearingExecutionContexts', '1');
$this->session->close();
- if (!$this->request->isUserAgent([Request::USER_AGENT_CHROME, Request::USER_AGENT_ANDROID_MOBILE_CHROME])) {
+ if ($this->request->getServerProtocol() === 'https') {
+ // This feature is available only in secure contexts
$response->addHeader('Clear-Site-Data', '"cache", "storage"');
}
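Review bot: The new guard `getServerProtocol() === 'https'` makes clearing browser cache and storage on logout depend on the server detecting TLS correctly, and nothing in this hunk says so. How `getServerProtocol()` derives its value is not visible here; if it relies on forwarded headers or an overwrite setting, an instance behind a TLS-terminating reverse proxy that is not configured as trusted would report `http` and silently skip the header, leaving cached data in the browser after logout. I would extend the comment to `// Clear-Site-Data is honoured only in secure contexts; behind a TLS-terminating proxy this needs the protocol detected as https (overwriteprotocol / trusted_proxies)`. The enclosing logout method starts and ends outside the hunk, so whether the skipped case is logged anywhere cannot be judged from here.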
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index ae033582d3c..6044440bdaf 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -143,9 +143,8 @@ class LoginControllerTest extends TestCase {
->with('nc_token')
->willReturn(null);
$this->request
- ->expects($this->once())
- ->method('isUserAgent')
- ->willReturn(false);
+ ->method('getServerProtocol')
+ ->willReturn('https');
$this->config
->expects($this->never())
->method('deleteUserValue');
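Review bot: The `getServerProtocol` mock here always returns `'https'`, and the next hunk deletes `testLogoutNoClearSiteData` without a replacement, so the branch that omits the header on plain HTTP has no coverage left. A test modelled on the removed one, with the protocol mocked as `'http'` and a bare `RedirectResponse` expected, would pin that behaviour. Separately, this hunk drops `->expects($this->once())` from the mock while the `testLogoutWithToken` hunk further down keeps it; choosing one form for both would make the intent clearer. The test method this hunk belongs to starts and ends outside the hunk.

```php
public function testLogoutNoClearSiteDataOverHttp() {
	$this->request
		->expects($this->once())
		->method('getCookie')
		->with('nc_token')
		->willReturn(null);
	$this->request
		->method('getServerProtocol')
		->willReturn('http');
	$this->urlGenerator
		->expects($this->once())
		->method('linkToRouteAbsolute')
		->with('core.login.showLoginForm')
		->willReturn('/login');

	// No Clear-Site-Data header is expected on a plain-HTTP request.
	$expected = new RedirectResponse('/login');
	$this->assertEquals($expected, $this->loginController->logout());
}
```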
@@ -160,26 +159,6 @@ class LoginControllerTest extends TestCase {
$this->assertEquals($expected, $this->loginController->logout());
}
- public function testLogoutNoClearSiteData() {
- $this->request
- ->expects($this->once())
- ->method('getCookie')
- ->with('nc_token')
- ->willReturn(null);
- $this->request
- ->expects($this->once())
- ->method('isUserAgent')
- ->willReturn(true);
- $this->urlGenerator
- ->expects($this->once())
- ->method('linkToRouteAbsolute')
- ->with('core.login.showLoginForm')
- ->willReturn('/login');
-
- $expected = new RedirectResponse('/login');
- $this->assertEquals($expected, $this->loginController->logout());
- }
-
public function testLogoutWithToken() {
$this->request
->expects($this->once())
@@ -188,8 +167,8 @@ class LoginControllerTest extends TestCase {
->willReturn('MyLoginToken');
$this->request
->expects($this->once())
- ->method('isUserAgent')
- ->willReturn(false);
+ ->method('getServerProtocol')
+ ->willReturn('https');
$user = $this->createMock(IUser::class);
$user
->expects($this->once())