From f16c9f42c65d784f5c394de4d19a6f58b525aaa3 Mon Sep 17 00:00:00 2001
From: Alexander Piskun
Date: Mon, 2 Oct 2023 11:08:21 +0300
Subject: added CORS skip if session was created by AppAPI
Signed-off-by: Alexander Piskun
---
lib/private/AppFramework/Middleware/Security/CORSMiddleware.php | 4 ++++
1 file changed, 4 insertions(+) (limited to 'lib')
diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index 8bdacf550b6..145b412104c 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -91,6 +91,10 @@ class CORSMiddleware extends Middleware {
 if ($this->request->passesCSRFCheck()) {
 return;
 }
+ // Skip CORS check for requests with AppAPI auth.
+ if ($this->session->getSession()->get('app_api') === true) {
+ return;
+ }
 $this->session->logout();
 try {
 if ($user === null || $pass === null || !$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {
-- cgit v1.2.3
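Review bot: The early return added before `$this->session->logout()` makes the whole CSRF/CORS guard depend on one session key, and nothing in this hunk shows where `app_api` is set or that it cannot outlive the request that authenticated through AppAPI. If that flag can ever sit in a cookie-backed session, a request that fails `passesCSRFCheck()` would presumably keep its session and skip the credential re-check below, so the invariant belongs next to the check, e.g. `// Invariant: 'app_api' is set only by AppAPI's per-request authentication and never stored in a cookie-backed session; otherwise this return disables the CSRF protection below.` Referencing the key through a constant shared with the code that sets it, rather than the bare string, would keep the two sides from drifting apart. A middleware test covering both the flag-set and flag-absent paths would pin the behaviour. The enclosing method starts and ends outside the hunk.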