diff options
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 2 | ||||
| -rw-r--r-- | tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index 08af42b5216..3bfef2df025 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -153,7 +153,7 @@ class SecurityMiddleware extends Middleware { */ if(!$this->request->passesCSRFCheck() && !( $controller instanceof OCSController && - $this->request->getHeader('OCS_APIREQUEST') === true)) { + $this->request->getHeader('OCS-APIREQUEST') === 'true')) { throw new CrossSiteRequestForgeryException(); } } diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php index 6f675932135..bfd810bc6b9 100644 --- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php +++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php @@ -383,7 +383,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { [$controller, true, true], [$ocsController, false, true], - [$ocsController, true, true], + [$ocsController, true, false], ]; } @@ -396,6 +396,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { public function testCsrfOcsController(Controller $controller, $hasOcsApiHeader, $exception) { $this->request ->method('getHeader') + ->with('OCS-APIREQUEST') ->willReturn($hasOcsApiHeader ? 'true' : null); $this->request->expects($this->once()) ->method('passesStrictCookieCheck') |