author | Alexander Piskun <13381981+bigcat88@users.noreply.github.com> | 2023-10-09 13:40:29 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-09 13:40:29 +0300 |
commit | 4e8ec0bc3676ae66126cd531ad7a12e5b6979b63 (patch) | |
tree | d0bc8d8a755c01014c8c2f9ecb8db892ced091f4 /lib/private | |
parent | 9e3dbbdcb5b579d4ce8f44505269e2e69e32b515 (diff) | |
parent | 6ef3875e745e0ea6211e32ee0f84736474d30dbb (diff) | |
Merge pull request #40737 from nextcloud/cors-app_api
added CORS skip if the session was created by AppAPI
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/AppFramework/Middleware/Security/CORSMiddleware.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index 8bdacf550b6..f0d6ece8a93 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -38,6 +38,7 @@ use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Middleware;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\Security\Bruteforce\IThrottler;
 use ReflectionMethod;
 
@@ -91,6 +92,10 @@ class CORSMiddleware extends Middleware {
 if ($this->request->passesCSRFCheck()) {
 return;
 }
+ // Skip CORS check for requests with AppAPI auth.
+ if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('app_api') === true) {
+ return;
+ }
 $this->session->logout();
 try {
 if ($user === null || $pass === null || !$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) { |
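Review bot: The early return added before `$this->session->logout()` makes a single session attribute the only thing separating a CORS-annotated endpoint from the logout and credential re-check that follow, so the hunk should state the invariant it depends on. Nothing visible here shows where `app_api` is set or that it can never persist into a cookie-backed browser session; if it could, a cross-origin request carrying that cookie would skip this protection entirely. I would replace the comment with something like `// AppAPI authenticates every request itself; 'app_api' must only be set for that request and never persisted to a browser session, otherwise this return bypasses the CSRF protection below.` and fetch the session once, `$session = $this->session->getSession();`, instead of calling `getSession()` twice. The enclosing method begins and ends outside the hunk and the diffstat is limited to lib/private, so I cannot tell whether a test confirms that a session without the flag, or with a non-`true` value, still reaches `logout()`.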