Merge pull request #684 from nextcloud/fix_csrf_ocs

Fix OCS CSRF
author: Lukas Reschke <lukas@statuscode.ch> 2016-08-01 11:52:56 +0200
committer: GitHub <noreply@github.com> 2016-08-01 11:52:56 +0200
commit: 8a7d450fb5c80477e4414cfdf86b4737905cb8f3 (patch)
tree: d3a1236d52d3134b7ab3cb14d66832b5bc5c0100 /lib
parent: 368e1c3f2bb4040229de993f3ae20d74966c8e66 (diff)
parent: 5c718b13b8c68fc89661edbdbd40822bb55f544a (diff)
download: nextcloud-server-8a7d450fb5c80477e4414cfdf86b4737905cb8f3.tar.gz
nextcloud-server-8a7d450fb5c80477e4414cfdf86b4737905cb8f3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index 08af42b5216..3bfef2df025 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -153,7 +153,7 @@ class SecurityMiddleware extends Middleware {
 			 */
 			if(!$this->request->passesCSRFCheck() && !(
 					$controller instanceof OCSController &&
-					$this->request->getHeader('OCS_APIREQUEST') === true)) {
+					$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
 				throw new CrossSiteRequestForgeryException();
 			}
 		}
author	Lukas Reschke <lukas@statuscode.ch>	2016-08-01 11:52:56 +0200
committer	GitHub <noreply@github.com>	2016-08-01 11:52:56 +0200
commit	8a7d450fb5c80477e4414cfdf86b4737905cb8f3 (patch)
tree	d3a1236d52d3134b7ab3cb14d66832b5bc5c0100 /lib
parent	368e1c3f2bb4040229de993f3ae20d74966c8e66 (diff)
parent	5c718b13b8c68fc89661edbdbd40822bb55f544a (diff)
download	nextcloud-server-8a7d450fb5c80477e4414cfdf86b4737905cb8f3.tar.gz nextcloud-server-8a7d450fb5c80477e4414cfdf86b4737905cb8f3.zip