Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/CSRFTokenController.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/Controller/CSRFTokenController.php b/core/Controller/CSRFTokenController.php
index 1ae4dce6a13..b4b04ba2669 100644
--- a/core/Controller/CSRFTokenController.php
+++ b/core/Controller/CSRFTokenController.php
@@ -28,6 +28,7 @@ namespace OC\Core\Controller;
 use OC\Security\CSRF\CsrfTokenManager;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
@@ -54,6 +55,10 @@ class CSRFTokenController extends Controller {
 * @return JSONResponse
 */
 public function index(): JSONResponse {
+ if (!$this->request->passesStrictCookieCheck()) {
+ return new JSONResponse([], Http::STATUS_FORBIDDEN);
+ }
+
 $requestToken = $this->tokenManager->getToken();
 return new JSONResponse([ |
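Review bot: The new early return at the top of `index()` carries no comment, and the docblock above it still describes only the success response, so nothing records why a failed strict-cookie check must end in 403. Because this action hands out the request token, the guard is presumably what stops a cross-site request (one arriving without the strict same-site cookie) from obtaining a token. I would state that next to the check, e.g. `// Only issue a request token when the strict same-site cookie is present; cross-site callers get 403`, and mention the 403 case in the docblock. A controller test asserting `Http::STATUS_FORBIDDEN` and that `getToken()` is never called when `passesStrictCookieCheck()` returns false would pin the behaviour; the diffstat shown is limited to `core`, so such a test may already exist elsewhere. The body of `index()` continues past the end of this hunk.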