Merge pull request #6660 from nextcloud/remove_saml_hack

Remove SAML hack from base.php

1 files changed, 1 insertions, 16 deletions

diff --git a/lib/base.php b/lib/base.php
index 76069303a52..c76d83cd220 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -543,22 +543,7 @@ class OC {
 			$requestUri = $request->getScriptName();
 			$processingScript = explode('/', $requestUri);
 			$processingScript = $processingScript[count($processingScript)-1];
-			// FIXME: In a SAML scenario we don't get any strict or lax cookie
-			// send for the ACS endpoint. Since we have some legacy code in Nextcloud
-			// (direct PHP files) the enforcement of lax cookies is performed here
-			// instead of the middleware.
-			//
-			// This means we cannot exclude some routes from the cookie validation,
-			// which normally is not a problem but is a little bit cumbersome for
-			// this use-case.
-			// Once the old legacy PHP endpoints have been removed we can move
-			// the verification into a middleware and also adds some exemptions.
-			//
-			// Questions about this code? Ask Lukas ;-)
-			$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
-			if($currentUrl === '/index.php/apps/user_saml/saml/acs' || $currentUrl === '/apps/user_saml/saml/acs') {
-				return;
-			}
+
 			// index.php routes are handled in the middleware
 			if($processingScript === 'index.php') {
 				return;