added CORS skip if session was created by AppAPI

Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
author: Alexander Piskun <bigcat88@icloud.com> 2023-10-02 11:08:21 +0300
committer: Andrey Borysenko <andrey18106x@gmail.com> 2023-10-09 14:42:30 +0300
commit: 2fb703dfdac399972305c7180f2940d1aaf15b9f (patch)
tree: a46780832028404c09992cc9da7681caa58acc4c /lib/private
parent: e6832ed9320512b0e7d1cc1c9f0b0312157eb15e (diff)
download: nextcloud-server-2fb703dfdac399972305c7180f2940d1aaf15b9f.tar.gz
nextcloud-server-2fb703dfdac399972305c7180f2940d1aaf15b9f.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index e177a612d96..36fb5a29e3c 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -97,6 +97,10 @@ class CORSMiddleware extends Middleware {
 			if ($this->request->passesCSRFCheck()) {
 				return;
 			}
+			// Skip CORS check for requests with AppAPI auth.
+			if ($this->session->getSession()->get('app_api') === true) {
+				return;
+			}
 			$this->session->logout();
 			try {
 				if ($user === null || $pass === null || !$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {
author	Alexander Piskun <bigcat88@icloud.com>	2023-10-02 11:08:21 +0300
committer	Andrey Borysenko <andrey18106x@gmail.com>	2023-10-09 14:42:30 +0300
commit	2fb703dfdac399972305c7180f2940d1aaf15b9f (patch)
tree	a46780832028404c09992cc9da7681caa58acc4c /lib/private
parent	e6832ed9320512b0e7d1cc1c9f0b0312157eb15e (diff)
download	nextcloud-server-2fb703dfdac399972305c7180f2940d1aaf15b9f.tar.gz nextcloud-server-2fb703dfdac399972305c7180f2940d1aaf15b9f.zip