aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorPatrick Conrad <conrad@iza.org>2018-10-15 14:25:08 +0200
committerPatrick Conrad <conrad@iza.org>2018-10-24 08:53:46 +0200
commit06e43bb46a2a2648829bebdecf949e256532b421 (patch)
treea6a51df0e14af4adde217a1836ceabbf53a291fc /core
parentae17e55f42794fe9591f170bde9a3d92fa713b8c (diff)
downloadnextcloud-server-06e43bb46a2a2648829bebdecf949e256532b421.tar.gz
nextcloud-server-06e43bb46a2a2648829bebdecf949e256532b421.zip
Remove cookies from Clear-Site-Data Header
In https://github.com/nextcloud/server/commit/2f87fb6b456fd109c90a5093c31b7a3f62a32040 this header was introduced. The referenced documentation says: > When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/). This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header. This is not the behavior we want at this point! So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well. Signed-off-by: Patrick Conrad <conrad@iza.org> (cherry picked from commit 1806baaeafa284808cceb1a38ea2e1a9189d0407)
Diffstat (limited to 'core')
-rw-r--r--core/Controller/LoginController.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 9b9c5bcd4ee..15c02096c1e 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -120,7 +120,7 @@ class LoginController extends Controller {
$this->userSession->logout();
$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
- $response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
+ $response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
return $response;
}