From 8626ccab1c8344a5e2c392a0c26da42061e70332 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Thu, 9 Mar 2017 16:48:48 +0100
Subject: dont require strict same site cookies for ocs requests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/private/AppFramework/Http/Request.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php
index be35f4d172f..fd43d468568 100644
--- a/lib/private/AppFramework/Http/Request.php
+++ b/lib/private/AppFramework/Http/Request.php
@@ -490,6 +490,9 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 	 * @return bool
 	 */
 	private function cookieCheckRequired() {
+		if ($this->getHeader('OCS-APIREQUEST')) {
+			return false;
+		}
 		if($this->getCookie(session_name()) === null && $this->getCookie('nc_token') === null) {
 			return false;
 		}
-- 
cgit v1.2.3


From 9a8cef965f607fb8b73234fabcc5f47252e893cc Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Fri, 10 Mar 2017 14:11:00 +0100
Subject: add test for skipping cookie checks for ocs

Signed-off-by: Robin Appelman <robin@icewind.nl>
---
 tests/lib/AppFramework/Http/RequestTest.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php
index 6c6504b4de8..cc4bbee2d8d 100644
--- a/tests/lib/AppFramework/Http/RequestTest.php
+++ b/tests/lib/AppFramework/Http/RequestTest.php
@@ -1787,6 +1787,31 @@ class RequestTest extends \Test\TestCase {
 		$this->assertFalse($request->passesLaxCookieCheck());
 	}
 
+	public function testSkipCookieCheckForOCSRequests() {
+		/** @var Request $request */
+		$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+			->setMethods(['getScriptName'])
+			->setConstructorArgs([
+				[
+					'server' => [
+						'HTTP_REQUESTTOKEN' => 'AAAHGxsTCTc3BgMQESAcNR0OAR0=:MyTotalSecretShareds',
+						'HTTP_OCS_APIREQUEST' => 'true',
+					],
+					'cookies' => [
+						session_name() => 'asdf',
+						'nc_sameSiteCookiestrict' => 'false',
+					],
+				],
+				$this->secureRandom,
+				$this->config,
+				$this->csrfTokenManager,
+				$this->stream
+			])
+			->getMock();
+
+		$this->assertTrue($request->passesStrictCookieCheck());
+	}
+
 	/**
 	 * @return array
 	 */
-- 
cgit v1.2.3