diff options
| author | Daniel Kesselberg <mail@danielkesselberg.de> | 2023-08-15 18:58:52 +0200 |
|---|---|---|
| committer | Daniel Kesselberg <mail@danielkesselberg.de> | 2024-08-14 15:41:27 +0200 |
| commit | 6e176840c882cfe11152de6350788d74374a54ae (patch) | |
| tree | 36c324e1d646051ba36988094fdeb28371e39f1d /lib/private/EventSource.php | |
| parent | 0f10cabf2a7ff6652f7b29e81f3682fac941e647 (diff) | |
| download | nextcloud-server-dept-remove-csrf-dependency-from-request.tar.gz nextcloud-server-dept-remove-csrf-dependency-from-request.zip | |
feat: move csrf validation out of requestdept-remove-csrf-dependency-from-request
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Diffstat (limited to 'lib/private/EventSource.php')
| -rw-r--r-- | lib/private/EventSource.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/private/EventSource.php b/lib/private/EventSource.php index dbeda25049e..bf56003365c 100644 --- a/lib/private/EventSource.php +++ b/lib/private/EventSource.php @@ -10,6 +10,7 @@ namespace OC; use OCP\IEventSource; use OCP\IRequest; +use OCP\Security\CSRF\ICsrfValidator; class EventSource implements IEventSource { private bool $fallback = false; @@ -18,6 +19,7 @@ class EventSource implements IEventSource { public function __construct( private IRequest $request, + private ICsrfValidator $csrfValidator, ) { } @@ -54,7 +56,7 @@ class EventSource implements IEventSource { header('Location: '.\OC::$WEBROOT); exit(); } - if (!$this->request->passesCSRFCheck()) { + if (!$this->csrfValidator->validate($this->request)) { $this->send('error', 'Possible CSRF attack. Connection will be closed.'); $this->close(); exit(); |