Merge pull request #46760 from nextcloud/fix/appframework/csrf-custom-header

author: John Molakvoæ <skjnldsv@users.noreply.github.com> 2024-07-27 16:27:52 +0200
committer: GitHub <noreply@github.com> 2024-07-27 16:27:52 +0200
commit: 0ae83d6183b5113b9e9116f13a0eb3ebe19bc44d (patch)
tree: 73b959034ffa228ad5547ae6b3b88e4c7b950a31 /tests
parent: 0f953c5cbdfff0a472eca07301d2c5a9966676e9 (diff)
parent: 9d1705259c832fdfde48a04dcf538d1ecb7c7007 (diff)
download: nextcloud-server-0ae83d6183b5113b9e9116f13a0eb3ebe19bc44d.tar.gz
nextcloud-server-0ae83d6183b5113b9e9116f13a0eb3ebe19bc44d.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php
index f0e1f459028..f97341cb265 100644
--- a/tests/lib/AppFramework/Http/RequestTest.php
+++ b/tests/lib/AppFramework/Http/RequestTest.php
@@ -2256,4 +2256,24 @@ class RequestTest extends \Test\TestCase {
 
 		$this->assertFalse($request->passesCSRFCheck());
 	}
+
+	public function testPassesCSRFCheckWithOCSAPIRequestHeader() {
+		/** @var Request $request */
+		$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+			->setMethods(['getScriptName'])
+			->setConstructorArgs([
+				[
+					'server' => [
+						'HTTP_OCS_APIREQUEST' => 'true',
+					],
+				],
+				$this->requestId,
+				$this->config,
+				$this->csrfTokenManager,
+				$this->stream
+			])
+			->getMock();
+
+		$this->assertTrue($request->passesCSRFCheck());
+	}
 }
author	John Molakvoæ <skjnldsv@users.noreply.github.com>	2024-07-27 16:27:52 +0200
committer	GitHub <noreply@github.com>	2024-07-27 16:27:52 +0200
commit	0ae83d6183b5113b9e9116f13a0eb3ebe19bc44d (patch)
tree	73b959034ffa228ad5547ae6b3b88e4c7b950a31 /tests
parent	0f953c5cbdfff0a472eca07301d2c5a9966676e9 (diff)
parent	9d1705259c832fdfde48a04dcf538d1ecb7c7007 (diff)
download	nextcloud-server-0ae83d6183b5113b9e9116f13a0eb3ebe19bc44d.tar.gz nextcloud-server-0ae83d6183b5113b9e9116f13a0eb3ebe19bc44d.zip