Merge pull request #2985 from nextcloud/fix-trusted-domain-error

Allow access to CSS resources

1 files changed, 16 insertions, 8 deletions

diff --git a/lib/base.php b/lib/base.php
index 4a9158eff64..0fc34b3d9b9 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -791,23 +791,31 @@ class OC {
 			&& !\OC::$server->getTrustedDomainHelper()->isTrustedDomain($host)
 			&& self::$server->getConfig()->getSystemValue('installed', false)
 		) {
-			header('HTTP/1.1 400 Bad Request');
-			header('Status: 400 Bad Request');
+			// Allow access to CSS resources
+			$isScssRequest = false;
+			if(strpos($request->getPathInfo(), '/css/') === 0) {
+				$isScssRequest = true;
+			}
+
+			if (!$isScssRequest) {
+				header('HTTP/1.1 400 Bad Request');
+				header('Status: 400 Bad Request');
 
-			\OC::$server->getLogger()->warning(
+				\OC::$server->getLogger()->warning(
 					'Trusted domain error. "{remoteAddress}" tried to access using "{host}" as host.',
 					[
 						'app' => 'core',
 						'remoteAddress' => $request->getRemoteAddress(),
 						'host' => $host,
 					]
-			);
+				);
 
-			$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
-			$tmpl->assign('domain', $host);
-			$tmpl->printPage();
+				$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
+				$tmpl->assign('domain', $host);
+				$tmpl->printPage();
 
-			exit();
+				exit();
+			}
 		}
 		\OC::$server->getEventLogger()->end('boot');
 	}