upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-05 00:56:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 31

fix(security): Log failing strict cookie check

Browse source 
The error is silent otherwise and makes it very hard to debug on a
production system.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2023-03-20 16:26:41 +01:00
parent 8f59ff880f
commit 0e6fccf9e1
No known key found for this signature in database
GPG key ID: CC42AC2A7F0E56D8
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/base.php
View file

@ -561,6 +561,7 @@ class OC {
// All other endpoints require the lax and the strict cookie
if (!$request->passesStrictCookieCheck()) {
logger('core')->warning('Request does not pass strict cookie check');
self::sendSameSiteCookies();
// Debug mode gets access to the resources without strict cookie
// due to the fact that the SabreDAV browser also lives there.