Diffstat (limited to 'core/Controller/CSRFTokenController.php')
-rw-r--r--core/Controller/CSRFTokenController.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/core/Controller/CSRFTokenController.php b/core/Controller/CSRFTokenController.php
index 1ae4dce6a13..b4b04ba2669 100644
--- a/core/Controller/CSRFTokenController.php
+++ b/core/Controller/CSRFTokenController.php
@@ -28,6 +28,7 @@ namespace OC\Core\Controller;
use OC\Security\CSRF\CsrfTokenManager;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
use OCP\IRequest;
@@ -54,6 +55,10 @@ class CSRFTokenController extends Controller {
* @return JSONResponse
*/
public function index(): JSONResponse {
+ if (!$this->request->passesStrictCookieCheck()) {
+ return new JSONResponse([], Http::STATUS_FORBIDDEN);
+ }
+
$requestToken = $this->tokenManager->getToken();
return new JSONResponse([
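Review bot: The new guard at the top of `index()` carries no comment explaining why a token-issuing endpoint needs a strict same-site cookie check, and the call alone does not make that obvious. I would put a comment such as `// Only issue a CSRF token to same-site requests; a cross-site caller must never obtain one.` above the `if`, worded to match what `passesStrictCookieCheck()` actually verifies, since its body is not part of this diff. The check correctly runs before `getToken()`, so no token is generated on the rejected path. The 403 is returned with an empty array, so a legitimate client that lacks the strict cookie gets no hint about the cause; it is worth confirming that the front-end code polling this endpoint treats 403 as "reload the page" rather than retrying in a loop. The body of `index()` continues past the end of the hunk.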