authorLukas Reschke <lukas@statuscode.ch>2016-07-20 21:35:02 +0200
committerGitHub <noreply@github.com>2016-07-20 21:35:02 +0200
commit020a2a6958e48f7a3a29daa2235f6729980850af (patch)
treefac1cf75e60a7d46c978b7f9aebd811c932da7ab /lib/public
parenta17ba2f4889c92e7113606e17cc6b9f66512264f (diff)
parenta299fa38a9172f16e4bc48d4bd4f9807cec2f737 (diff)
downloadnextcloud-server-020a2a6958e48f7a3a29daa2235f6729980850af.tar.gz
nextcloud-server-020a2a6958e48f7a3a29daa2235f6729980850af.zip
Merge pull request #476 from nextcloud/port-same-site-cookies
[master] Port Same-Site Cookies to master
Diffstat (limited to 'lib/public')
-rw-r--r--lib/public/IRequest.php18
-rw-r--r--lib/public/Util.php5
2 files changed, 23 insertions, 0 deletions
diff --git a/lib/public/IRequest.php b/lib/public/IRequest.php
index 4db1c18b9c1..46e67d1415f 100644
--- a/lib/public/IRequest.php
+++ b/lib/public/IRequest.php
@@ -158,6 +158,24 @@ interface IRequest {
public function passesCSRFCheck();
/**
+ * Checks if the strict cookie has been sent with the request if the request
+ * is including any cookies.
+ *
+ * @return bool
+ * @since 9.0.0
+ */
+ public function passesStrictCookieCheck();
+
+ /**
+ * Checks if the lax cookie has been sent with the request if the request
+ * is including any cookies.
+ *
+ * @return bool
+ * @since 9.0.0
+ */
+ public function passesLaxCookieCheck();
+
+ /**
* Returns an ID for the request, value is not guaranteed to be unique and is mostly meant for logging
* If `mod_unique_id` is installed this value will be taken.
*
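Review bot: The docblocks added for `passesStrictCookieCheck()` and `passesLaxCookieCheck()` do not say what is returned when the request carries no cookies at all. The wording "if the request is including any cookies" suggests that case passes, but callers that gate state-changing actions on these methods need it stated. Something like `@return bool true when no cookies were sent or the strict same-site cookie is present, false otherwise` would do, once confirmed against the implementation, which is not visible in this hunk. The docblocks should also say that these checks complement `passesCSRFCheck()` and do not replace it. The `@since 9.0.0` tag is worth verifying for a port to master, and the `IRequest` interface body continues outside the hunk.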
diff --git a/lib/public/Util.php b/lib/public/Util.php
index 687f4e78f69..9422dbac66a 100644
--- a/lib/public/Util.php
+++ b/lib/public/Util.php
@@ -513,6 +513,11 @@ class Util {
* @deprecated 9.0.0 Use annotations based on the app framework.
*/
public static function callCheck() {
+ if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
+ header('Location: '.\OC::$WEBROOT);
+ exit();
+ }
+
if (!(\OC::$server->getRequest()->passesCSRFCheck())) {
exit();
}
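Review bot: The new strict-cookie failure path in `callCheck()` answers with a bare redirect and `exit()`, so a rejected cross-site request leaves no log entry and no error status. Legacy AJAX callers will follow the redirect and receive the index page instead of a failure they can detect. If `\OC::$WEBROOT` can be an empty string for installs at the document root (not visible here), the header also has no target; `header('Location: ' . \OC::$WEBROOT . '/');` would avoid that. A short comment above the check would help, such as `// No strict same-site cookie: treat as cross-site and send the browser to the web root`. The docblock of `callCheck()` starts outside the hunk and should mention that the method may now redirect.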