Allow CSRF on CORS routes

Co-authored-by: Julius Härtl <jus@bitgrid.net> Co-authored-by: Andreas Brinner <andreas@everlanes.net> Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
author: Jonas Rittershofer <jotoeri@users.noreply.github.com> 2022-04-02 18:04:41 +0200
committer: Joas Schilling (Rebase PR Action) <nickvergessen@users.noreply.github.com> 2022-09-21 10:42:00 +0000
commit: c8b7a233a5b05fd4402936a343b0dc1f6442c5ed (patch)
tree: 10b828e6676a9016ba74eef3e3560a8bcefb9950 /lib/public
parent: 48def620cb2132258be7eaf2495f67a5d88a1932 (diff)
download: nextcloud-server-c8b7a233a5b05fd4402936a343b0dc1f6442c5ed.tar.gz
nextcloud-server-c8b7a233a5b05fd4402936a343b0dc1f6442c5ed.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/public/AppFramework/OCSController.php b/lib/public/AppFramework/OCSController.php
index 09c28667dcd..11bac9effd5 100644
--- a/lib/public/AppFramework/OCSController.php
+++ b/lib/public/AppFramework/OCSController.php
@@ -61,7 +61,7 @@ abstract class OCSController extends ApiController {
 	public function __construct($appName,
 								IRequest $request,
 								$corsMethods = 'PUT, POST, GET, DELETE, PATCH',
-								$corsAllowedHeaders = 'Authorization, Content-Type, Accept',
+								$corsAllowedHeaders = 'Authorization, Content-Type, Accept, OCS-APIRequest',
 								$corsMaxAge = 1728000) {
 		parent::__construct($appName, $request, $corsMethods,
 							$corsAllowedHeaders, $corsMaxAge);
author	Jonas Rittershofer <jotoeri@users.noreply.github.com>	2022-04-02 18:04:41 +0200
committer	Joas Schilling (Rebase PR Action) <nickvergessen@users.noreply.github.com>	2022-09-21 10:42:00 +0000
commit	c8b7a233a5b05fd4402936a343b0dc1f6442c5ed (patch)
tree	10b828e6676a9016ba74eef3e3560a8bcefb9950 /lib/public
parent	48def620cb2132258be7eaf2495f67a5d88a1932 (diff)
download	nextcloud-server-c8b7a233a5b05fd4402936a343b0dc1f6442c5ed.tar.gz nextcloud-server-c8b7a233a5b05fd4402936a343b0dc1f6442c5ed.zip