author | provokateurin <kate@provokateurin.de> | 2024-03-14 13:06:32 +0100 |
---|---|---|
committer | provokateurin <kate@provokateurin.de> | 2024-07-25 17:31:49 +0200 |
commit | 9d1705259c832fdfde48a04dcf538d1ecb7c7007 (patch) | |
tree | b164202b79db25e4e0b5a67663b6a90d8ae2a2fe /lib | |
parent | d5bb37ab0d872fb4bdb1ec61809c575a46341a25 (diff) | |
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks
Signed-off-by: provokateurin <kate@provokateurin.de>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/AppFramework/Http/Request.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php index 0bd430545d4..f790dae226c 100644 --- a/lib/private/AppFramework/Http/Request.php +++ b/lib/private/AppFramework/Http/Request.php @@ -426,6 +426,10 @@ class Request implements \ArrayAccess, \Countable, IRequest { return false; } + if ($this->getHeader('OCS-APIRequest') !== '') { + return true; + } + if (isset($this->items['get']['requesttoken'])) { $token = $this->items['get']['requesttoken']; } elseif (isset($this->items['post']['requesttoken'])) { |
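Review bot: The added `getHeader('OCS-APIRequest') !== ''` branch returns true for any non-empty header value, and no comment explains why a bare header is enough to skip request-token validation. The protection rests on browsers not attaching a custom header to cross-site form posts and requiring a CORS preflight for scripted requests, so it holds only while no CORS policy lets untrusted origins send `OCS-APIRequest`. A comment such as `// Custom header cannot be set cross-site without a CORS preflight; never allow it in Access-Control-Allow-Headers for untrusted origins` would record that invariant. Consider tightening the test to the value clients actually send, e.g. `if ($this->getHeader('OCS-APIRequest') === 'true') {`, if that matches how the header is checked elsewhere in the codebase. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here what the preceding `return false;` guard checks or whether this shortcut is reached only for OCS routes.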