authorJoas Schilling <213943+nickvergessen@users.noreply.github.com>2025-03-02 11:03:42 +0100
committerGitHub <noreply@github.com>2025-03-02 11:03:42 +0100
commit92bbcada49f61cd954e326a1f2aa1632f59501ba (patch)
treecf16375e4cb2773419acfeb3b973e6dc17a75f15
parent043f0e604042e286577e4e53b7657aa39c84d6e8 (diff)
parented15fdf0a3de3973ba93a38975836591b32f7049 (diff)
downloadnextcloud-server-92bbcada49f61cd954e326a1f2aa1632f59501ba.tar.gz
nextcloud-server-92bbcada49f61cd954e326a1f2aa1632f59501ba.zip
Merge pull request #51173 from DaleBCooper/fix-a+-rating
Fix A+ rating when checking with Nextcloud Security Scan.
-rw-r--r--lib/base.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/base.php b/lib/base.php
index 25f978df836..a54d2c4b7ec 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -362,13 +362,6 @@ class OC {
public static function initSession(): void {
$request = Server::get(IRequest::class);
- // Do not initialize sessions for 'status.php' requests
- // Monitoring endpoints can quickly flood session handlers
- // and 'status.php' doesn't require sessions anyway
- if (str_ends_with($request->getScriptName(), '/status.php')) {
- return;
- }
-
// TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies
// TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments
// TODO: for further information.
@@ -387,6 +380,13 @@ class OC {
// prevents javascript from accessing php session cookies
ini_set('session.cookie_httponly', 'true');
+ // Do not initialize sessions for 'status.php' requests
+ // Monitoring endpoints can quickly flood session handlers
+ // and 'status.php' doesn't require sessions anyway
+ if (str_ends_with($request->getScriptName(), '/status.php')) {
+ return;
+ }
+
// set the cookie path to the Nextcloud directory
$cookie_path = OC::$WEBROOT ? : '/';
ini_set('session.cookie_path', $cookie_path);
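Review bot: The `status.php` early return in `initSession()` now depends on its position, after `ini_set('session.cookie_httponly', 'true')` and before the `session.cookie_path` setup, but the comment moved with it still explains only why sessions are skipped, not why the check must come this late. Going by the commit title, the ordering appears to be what restores the scan rating, so a later cleanup that hoists the guard back to the top of the function would silently undo the fix. I would extend the comment block with a line such as `// Keep this below the session cookie ini_set() calls above; returning earlier regressed the Security Scan rating`. `session.cookie_path` is still never set on this path, which is fine only if nothing starts a session for `status.php` later, so that is worth confirming. The body of `initSession()` continues outside the hunk.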