Merge pull request #47650 from nextcloud/chore/cleanup-middleware

3 files changed, 11 insertions, 21 deletions

diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index b11dec93426..a96e050c0e6 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -242,7 +242,6 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 				new OC\AppFramework\Middleware\Security\CSPMiddleware(
 					$server->query(OC\Security\CSP\ContentSecurityPolicyManager::class),
 					$server->query(OC\Security\CSP\ContentSecurityPolicyNonceManager::class),
-					$server->query(OC\Security\CSRF\CsrfTokenManager::class)
 				)
 			);
 			$dispatcher->registerMiddleware(
diff --git a/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php b/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php
index 32e9b04cd1e..e88c9563c00 100644
--- a/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CSPMiddleware.php
@@ -10,7 +10,6 @@ namespace OC\AppFramework\Middleware\Security;
 
 use OC\Security\CSP\ContentSecurityPolicyManager;
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
-use OC\Security\CSRF\CsrfTokenManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
@@ -18,19 +17,11 @@ use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Middleware;
 
 class CSPMiddleware extends Middleware {
-	/** @var ContentSecurityPolicyManager */
-	private $contentSecurityPolicyManager;
-	/** @var ContentSecurityPolicyNonceManager */
-	private $cspNonceManager;
-	/** @var CsrfTokenManager */
-	private $csrfTokenManager;
-
-	public function __construct(ContentSecurityPolicyManager $policyManager,
-		ContentSecurityPolicyNonceManager $cspNonceManager,
-		CsrfTokenManager $csrfTokenManager) {
-		$this->contentSecurityPolicyManager = $policyManager;
-		$this->cspNonceManager = $cspNonceManager;
-		$this->csrfTokenManager = $csrfTokenManager;
+
+	public function __construct(
+		private ContentSecurityPolicyManager $policyManager,
+		private ContentSecurityPolicyNonceManager $cspNonceManager,
+	) {
 	}
 
 	/**
@@ -49,8 +40,8 @@ class CSPMiddleware extends Middleware {
 			return $response;
 		}
 
-		$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
-		$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
+		$defaultPolicy = $this->policyManager->getDefaultPolicy();
+		$defaultPolicy = $this->policyManager->mergePolicies($defaultPolicy, $policy);
 
 		if ($this->cspNonceManager->browserSupportsCspV3()) {
 			$defaultPolicy->useJsNonce($this->cspNonceManager->getNonce());
diff --git a/lib/private/AppFramework/Middleware/Security/SameSiteCookieMiddleware.php b/lib/private/AppFramework/Middleware/Security/SameSiteCookieMiddleware.php
index e0bb96f132b..efe56e0b124 100644
--- a/lib/private/AppFramework/Middleware/Security/SameSiteCookieMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SameSiteCookieMiddleware.php
@@ -46,13 +46,13 @@ class SameSiteCookieMiddleware extends Middleware {
 
 	public function afterException($controller, $methodName, \Exception $exception) {
 		if ($exception instanceof LaxSameSiteCookieFailedException) {
-			$respone = new Response();
-			$respone->setStatus(Http::STATUS_FOUND);
-			$respone->addHeader('Location', $this->request->getRequestUri());
+			$response = new Response();
+			$response->setStatus(Http::STATUS_FOUND);
+			$response->addHeader('Location', $this->request->getRequestUri());
 
 			$this->setSameSiteCookie();
 
-			return $respone;
+			return $response;
 		}
 
 		throw $exception;