fix(security)!: Use consistent HTTP status for strict cookie checks

Before: 503/412 Now: 412 + json body explaining the error Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
author: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-03-21 09:11:00 +0100
committer: Simon L. (Rebase PR Action) <szaimen@e.mail.de> 2023-04-17 16:06:37 +0000
commit: a06898a2d0c4403494747dbb4094dc21b6524348 (patch)
tree: fca15a2408901137f84b930ad134a45c380e364e /lib/base.php
parent: b9520661406bc514ac16f11aeb85b1980d62f581 (diff)
download: nextcloud-server-a06898a2d0c4403494747dbb4094dc21b6524348.tar.gz
nextcloud-server-a06898a2d0c4403494747dbb4094dc21b6524348.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php
index f619864acb6..aebe2764be1 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -570,7 +570,9 @@ class OC {
 				// Debug mode gets access to the resources without strict cookie
 				// due to the fact that the SabreDAV browser also lives there.
 				if (!$config->getSystemValue('debug', false)) {
-					http_response_code(\OCP\AppFramework\Http::STATUS_SERVICE_UNAVAILABLE);
+					http_response_code(\OCP\AppFramework\Http::STATUS_PRECONDITION_FAILED);
+					header('Content-Type: application/json');
+					echo json_encode(['error' => 'Strict Cookie has not been found in request']);
 					exit();
 				}
 			}
author	Christoph Wurst <christoph@winzerhof-wurst.at>	2023-03-21 09:11:00 +0100
committer	Simon L. (Rebase PR Action) <szaimen@e.mail.de>	2023-04-17 16:06:37 +0000
commit	a06898a2d0c4403494747dbb4094dc21b6524348 (patch)
tree	fca15a2408901137f84b930ad134a45c380e364e /lib/base.php
parent	b9520661406bc514ac16f11aeb85b1980d62f581 (diff)
download	nextcloud-server-a06898a2d0c4403494747dbb4094dc21b6524348.tar.gz nextcloud-server-a06898a2d0c4403494747dbb4094dc21b6524348.zip