summaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2016-08-31 15:59:16 +0200
committerGitHub <noreply@github.com>2016-08-31 15:59:16 +0200
commitf9cea0b582005ed257695e15a444eb372fff95f9 (patch)
treef599646e2eeef9206aa12a6fe2819378f04c09df /lib/private/AppFramework
parenta0af513a4a4adc295f5673fd7d1d7fd25c6ac75a (diff)
parentb53ea18ea59c76368b28198968c59b783f17122f (diff)
downloadnextcloud-server-f9cea0b582005ed257695e15a444eb372fff95f9.tar.gz
nextcloud-server-f9cea0b582005ed257695e15a444eb372fff95f9.zip
Merge pull request #797 from nextcloud/only-match-for-auth-cookie
Match only for actual session cookie
Diffstat (limited to 'lib/private/AppFramework')
-rw-r--r--lib/private/AppFramework/Http/Request.php17
1 files changed, 15 insertions, 2 deletions
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php
index 46122f880cc..ba8a48381bd 100644
--- a/lib/private/AppFramework/Http/Request.php
+++ b/lib/private/AppFramework/Http/Request.php
@@ -485,6 +485,19 @@ class Request implements \ArrayAccess, \Countable, IRequest {
}
/**
+ * Whether the cookie checks are required
+ *
+ * @return bool
+ */
+ private function cookieCheckRequired() {
+ if($this->getCookie(session_name()) === null && $this->getCookie('oc_token') === null) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Checks if the strict cookie has been sent with the request if the request
* is including any cookies.
*
@@ -492,7 +505,7 @@ class Request implements \ArrayAccess, \Countable, IRequest {
* @since 9.1.0
*/
public function passesStrictCookieCheck() {
- if(count($this->cookies) === 0) {
+ if(!$this->cookieCheckRequired()) {
return true;
}
if($this->getCookie('nc_sameSiteCookiestrict') === 'true'
@@ -510,7 +523,7 @@ class Request implements \ArrayAccess, \Countable, IRequest {
* @since 9.1.0
*/
public function passesLaxCookieCheck() {
- if(count($this->cookies) === 0) {
+ if(!$this->cookieCheckRequired()) {
return true;
}
if($this->getCookie('nc_sameSiteCookielax') === 'true') {