added CORS skip if session was created by AppAPI

Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
author: Alexander Piskun <bigcat88@icloud.com> 2023-10-02 11:08:21 +0300
committer: Alexander Piskun <bigcat88@icloud.com> 2023-10-02 11:08:21 +0300
commit: f16c9f42c65d784f5c394de4d19a6f58b525aaa3 (patch)
tree: 0b2373859e43b44dfeaef86b5a906c1a00de845c /lib/private
parent: 3622af9b433cd69761645c9e45c5778e72bc40bb (diff)
download: nextcloud-server-f16c9f42c65d784f5c394de4d19a6f58b525aaa3.tar.gz
nextcloud-server-f16c9f42c65d784f5c394de4d19a6f58b525aaa3.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index 8bdacf550b6..145b412104c 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -91,6 +91,10 @@ class CORSMiddleware extends Middleware {
 			if ($this->request->passesCSRFCheck()) {
 				return;
 			}
+			// Skip CORS check for requests with AppAPI auth.
+			if ($this->session->getSession()->get('app_api') === true) {
+				return;
+			}
 			$this->session->logout();
 			try {
 				if ($user === null || $pass === null || !$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {
author	Alexander Piskun <bigcat88@icloud.com>	2023-10-02 11:08:21 +0300
committer	Alexander Piskun <bigcat88@icloud.com>	2023-10-02 11:08:21 +0300
commit	f16c9f42c65d784f5c394de4d19a6f58b525aaa3 (patch)
tree	0b2373859e43b44dfeaef86b5a906c1a00de845c /lib/private
parent	3622af9b433cd69761645c9e45c5778e72bc40bb (diff)
download	nextcloud-server-f16c9f42c65d784f5c394de4d19a6f58b525aaa3.tar.gz nextcloud-server-f16c9f42c65d784f5c394de4d19a6f58b525aaa3.zip