diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2018-06-07 15:36:33 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-06-07 15:36:33 +0200 |
| commit | c60c8ac675f19fe6d42317e09868236f7bb4a03a (patch) | |
| tree | f65ec10530cbbce3ce02e0c3d26c5a8fa5cf7b36 /lib | |
| parent | 43edffa93c9a1a615acf518ea907a55681a1599c (diff) | |
| parent | 199fe0a34713b98903fc50c40fbfffbc0ec0b63d (diff) | |
| download | nextcloud-server-c60c8ac675f19fe6d42317e09868236f7bb4a03a.tar.gz nextcloud-server-c60c8ac675f19fe6d42317e09868236f7bb4a03a.zip | |
Merge pull request #9772 from nextcloud/feature/8123/same_site_cookie_config_php
Move samesite cookie opt-out to config.php
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/base.php | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/base.php b/lib/base.php index 57a620db0ec..5cc33e233f9 100644 --- a/lib/base.php +++ b/lib/base.php @@ -523,11 +523,18 @@ class OC { // specifications. For those, have an automated opt-out. Since the protection // for remote.php is applied in base.php as starting point we need to opt out // here. - $incompatibleUserAgents = [ - // OS X Finder - '/^WebDAVFS/', - '/^Microsoft-WebDAV-MiniRedir/', - ]; + $incompatibleUserAgents = \OC::$server->getConfig()->getSystemValue('csrf.optout'); + + // Fallback, if csrf.optout is unset + if (!is_array($incompatibleUserAgents)) { + $incompatibleUserAgents = [ + // OS X Finder + '/^WebDAVFS/', + // Windows webdav drive + '/^Microsoft-WebDAV-MiniRedir/', + ]; + } + if($request->isUserAgent($incompatibleUserAgents)) { return; } |