From 0e6fccf9e1d67c0fc3ef76b4dce600eb41ac6aa5 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Mon, 20 Mar 2023 16:26:41 +0100
Subject: [PATCH] fix(security): Log failing strict cookie check

The error is silent otherwise and makes it very hard to debug on a
production system.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---
 lib/base.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/base.php b/lib/base.php
index be931e70d55..e9205e1dc66 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -561,6 +561,7 @@ class OC {
 
 			// All other endpoints require the lax and the strict cookie
 			if (!$request->passesStrictCookieCheck()) {
+				logger('core')->warning('Request does not pass strict cookie check');
 				self::sendSameSiteCookies();
 				// Debug mode gets access to the resources without strict cookie
 				// due to the fact that the SabreDAV browser also lives there.