From 9d1705259c832fdfde48a04dcf538d1ecb7c7007 Mon Sep 17 00:00:00 2001
From: provokateurin <kate@provokateurin.de>
Date: Thu, 14 Mar 2024 13:06:32 +0100
Subject: fix(AppFramework): Allow requests with OCS-APIRequest header to pass
 CSRF checks

Signed-off-by: provokateurin <kate@provokateurin.de>
---
 tests/lib/AppFramework/Http/RequestTest.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'tests/lib/AppFramework/Http/RequestTest.php')

diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php
index f0e1f459028..f97341cb265 100644
--- a/tests/lib/AppFramework/Http/RequestTest.php
+++ b/tests/lib/AppFramework/Http/RequestTest.php
@@ -2256,4 +2256,24 @@ class RequestTest extends \Test\TestCase {
 
 		$this->assertFalse($request->passesCSRFCheck());
 	}
+
+	public function testPassesCSRFCheckWithOCSAPIRequestHeader() {
+		/** @var Request $request */
+		$request = $this->getMockBuilder('\OC\AppFramework\Http\Request')
+			->setMethods(['getScriptName'])
+			->setConstructorArgs([
+				[
+					'server' => [
+						'HTTP_OCS_APIREQUEST' => 'true',
+					],
+				],
+				$this->requestId,
+				$this->config,
+				$this->csrfTokenManager,
+				$this->stream
+			])
+			->getMock();
+
+		$this->assertTrue($request->passesCSRFCheck());
+	}
 }
-- 
cgit v1.2.3