feat(security): Add PHP \Attribute for remaining security annotations

Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2023-04-24 17:13:18 +0200
committer: Joas Schilling <coding@schilljs.com> 2023-04-25 14:50:32 +0200
commit: ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d (patch)
tree: c07f24f3837a96ea963e45092b08a73658c10ace /lib/public/AppFramework/ApiController.php
parent: 2abefff2899952ea422d708fbda611f1695125fd (diff)
download: nextcloud-server-ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d.tar.gz
nextcloud-server-ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/public/AppFramework/ApiController.php b/lib/public/AppFramework/ApiController.php
index 83dfaf93bc6..66c278e62d8 100644
--- a/lib/public/AppFramework/ApiController.php
+++ b/lib/public/AppFramework/ApiController.php
@@ -23,6 +23,8 @@
  */
 namespace OCP\AppFramework;
 
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Response;
 use OCP\IRequest;
 
@@ -70,6 +72,8 @@ abstract class ApiController extends Controller {
 	 * @PublicPage
 	 * @since 7.0.0
 	 */
+	#[NoCSRFRequired]
+	#[PublicPage]
 	public function preflightedCors() {
 		if (isset($this->request->server['HTTP_ORIGIN'])) {
 			$origin = $this->request->server['HTTP_ORIGIN'];
author	Joas Schilling <coding@schilljs.com>	2023-04-24 17:13:18 +0200
committer	Joas Schilling <coding@schilljs.com>	2023-04-25 14:50:32 +0200
commit	ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d (patch)
tree	c07f24f3837a96ea963e45092b08a73658c10ace /lib/public/AppFramework/ApiController.php
parent	2abefff2899952ea422d708fbda611f1695125fd (diff)
download	nextcloud-server-ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d.tar.gz nextcloud-server-ecb8b55c5c01ca5cfbf23ef241536ef76c8f277d.zip