diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2016-09-08 18:39:33 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-09-08 18:39:33 +0200 |
| commit | d8c4f18c0ccbf3682d021cff4367804c5580c8af (patch) | |
| tree | 5b22acbaf31bd157fa4262f2401bf954c4a5afea /lib | |
| parent | 7cd1369f7695974f720b3c47042692e2155f3f91 (diff) | |
| parent | 6ac890812f00c3de534d55b4452612b9d2c48d59 (diff) | |
| download | nextcloud-server-d8c4f18c0ccbf3682d021cff4367804c5580c8af.tar.gz nextcloud-server-d8c4f18c0ccbf3682d021cff4367804c5580c8af.zip | |
Merge pull request #1328 from nextcloud/add-exemption-for-osx
Add exemptions for incompatible UAs
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/base.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php index 08fa229e570..b2e45595a3e 100644 --- a/lib/base.php +++ b/lib/base.php @@ -506,8 +506,22 @@ class OC { * also we can't directly interfere with PHP's session mechanism. */ private static function performSameSiteCookieProtection() { + $request = \OC::$server->getRequest(); + + // Some user agents are notorious and don't really properly follow HTTP + // specifications. For those, have an automated opt-out. Since the protection + // for remote.php is applied in base.php as starting point we need to opt out + // here. + $incompatibleUserAgents = [ + // OS X Finder + '/^WebDAVFS/', + ]; + if($request->isUserAgent($incompatibleUserAgents)) { + return; + } + + if(count($_COOKIE) > 0) { - $request = \OC::$server->getRequest(); $requestUri = $request->getScriptName(); $processingScript = explode('/', $requestUri); $processingScript = $processingScript[count($processingScript)-1]; |