diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2022-07-08 18:28:14 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2022-08-08 14:09:58 +0200 |
| commit | a1149b03781c1e552677d46c7970bceea4cc053a (patch) | |
| tree | dbaee9e8dc4e02577b88e9f5b6e5dae98e0ca436 /lib/base.php | |
| parent | fe2f8b5d189cbcda8c4f197197169a6e015d6622 (diff) | |
| download | nextcloud-server-a1149b03781c1e552677d46c7970bceea4cc053a.tar.gz nextcloud-server-a1149b03781c1e552677d46c7970bceea4cc053a.zip | |
Do not redirect if requested CSS can not be found
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/base.php')
| -rw-r--r-- | lib/base.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php index 26ad684a81a..be2567cfd33 100644 --- a/lib/base.php +++ b/lib/base.php @@ -1055,6 +1055,15 @@ class OC { return; } + // Handle resources that can't be found + // This prevents browsers from redirecting to the default page and then + // attempting to parse HTML as CSS and similar. + $destinationHeader = $request->getHeader('Sec-Fetch-Dest'); + if (in_array($destinationHeader, ['font', 'script', 'style'])) { + http_response_code(404); + return; + } + // Someone is logged in if (\OC::$server->getUserSession()->isLoggedIn()) { OC_App::loadApps(); |