upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-11 09:42:09 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 40

Merge pull request #33174 from nextcloud/fix/redirect-css-not-found

Browse source 
Do not redirect if requested font, style or script can not be found
This commit is contained in:
Vincent Petry 2022-08-08 17:12:40 +02:00 committed by GitHub
commit 00a01a1f5b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lib/base.php
View file

@ -1055,6 +1055,15 @@ class OC {
return;
}
// Handle resources that can't be found
// This prevents browsers from redirecting to the default page and then
// attempting to parse HTML as CSS and similar.
$destinationHeader = $request->getHeader('Sec-Fetch-Dest');
if (in_array($destinationHeader, ['font', 'script', 'style'])) {
http_response_code(404);
return;
}
// Someone is logged in
if (\OC::$server->getUserSession()->isLoggedIn()) {
OC_App::loadApps();