fix(security): Log failing strict cookie check

The error is silent otherwise and makes it very hard to debug on a production system. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
author: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-03-20 16:26:41 +0100
committer: Christoph Wurst <christoph@winzerhof-wurst.at> 2023-03-20 16:26:41 +0100
commit: 0e6fccf9e1d67c0fc3ef76b4dce600eb41ac6aa5 (patch)
tree: ab93af6e44df56cead6b343b422308c27d642b7f /lib/base.php
parent: 8f59ff880fcc3a90e8eb92292ceefcf36d050733 (diff)
download: nextcloud-server-0e6fccf9e1d67c0fc3ef76b4dce600eb41ac6aa5.tar.gz
nextcloud-server-0e6fccf9e1d67c0fc3ef76b4dce600eb41ac6aa5.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php
index be931e70d55..e9205e1dc66 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -561,6 +561,7 @@ class OC {
 
 			// All other endpoints require the lax and the strict cookie
 			if (!$request->passesStrictCookieCheck()) {
+				logger('core')->warning('Request does not pass strict cookie check');
 				self::sendSameSiteCookies();
 				// Debug mode gets access to the resources without strict cookie
 				// due to the fact that the SabreDAV browser also lives there.
author	Christoph Wurst <christoph@winzerhof-wurst.at>	2023-03-20 16:26:41 +0100
committer	Christoph Wurst <christoph@winzerhof-wurst.at>	2023-03-20 16:26:41 +0100
commit	0e6fccf9e1d67c0fc3ef76b4dce600eb41ac6aa5 (patch)
tree	ab93af6e44df56cead6b343b422308c27d642b7f /lib/base.php
parent	8f59ff880fcc3a90e8eb92292ceefcf36d050733 (diff)
download	nextcloud-server-0e6fccf9e1d67c0fc3ef76b4dce600eb41ac6aa5.tar.gz nextcloud-server-0e6fccf9e1d67c0fc3ef76b4dce600eb41ac6aa5.zip