[master] Port Same-Site Cookies to master

Fixes https://github.com/nextcloud/server/issues/50
author: Lukas Reschke <lukas@statuscode.ch> 2016-07-20 17:37:30 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2016-07-20 18:37:57 +0200
commit: a299fa38a9172f16e4bc48d4bd4f9807cec2f737 (patch)
tree: abd17d7cc5eabc8acf7cb5b1acb30a12abe1581e /lib/private/legacy/eventsource.php
parent: 7cdf6402ff9a0e07866ca8bcfcffd0e0897b646a (diff)
download: nextcloud-server-a299fa38a9172f16e4bc48d4bd4f9807cec2f737.tar.gz
nextcloud-server-a299fa38a9172f16e4bc48d4bd4f9807cec2f737.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/legacy/eventsource.php b/lib/private/legacy/eventsource.php
index 51040e7be7d..70e9847d237 100644
--- a/lib/private/legacy/eventsource.php
+++ b/lib/private/legacy/eventsource.php
@@ -76,6 +76,10 @@ class OC_EventSource implements \OCP\IEventSource {
 		} else {
 			header("Content-Type: text/event-stream");
 		}
+		if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
+			header('Location: '.\OC::$WEBROOT);
+			exit();
+		}
 		if (!(\OC::$server->getRequest()->passesCSRFCheck())) {
 			$this->send('error', 'Possible CSRF attack. Connection will be closed.');
 			$this->close();
author	Lukas Reschke <lukas@statuscode.ch>	2016-07-20 17:37:30 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2016-07-20 18:37:57 +0200
commit	a299fa38a9172f16e4bc48d4bd4f9807cec2f737 (patch)
tree	abd17d7cc5eabc8acf7cb5b1acb30a12abe1581e /lib/private/legacy/eventsource.php
parent	7cdf6402ff9a0e07866ca8bcfcffd0e0897b646a (diff)
download	nextcloud-server-a299fa38a9172f16e4bc48d4bd4f9807cec2f737.tar.gz nextcloud-server-a299fa38a9172f16e4bc48d4bd4f9807cec2f737.zip