upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-10 17:23:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 58

added CORS skip if session was created by AppAPI

Browse source 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
This commit is contained in:
Alexander Piskun 2023-10-02 11:08:21 +03:00 committed by Andrey Borysenko
parent e6832ed932
commit 2fb703dfda
No known key found for this signature in database
GPG key ID: 934CB29F9F59B0D1
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
View file

@ -97,6 +97,10 @@ class CORSMiddleware extends Middleware {
if ($this->request->passesCSRFCheck()) {
return;
}
// Skip CORS check for requests with AppAPI auth.
if ($this->session->getSession()->get('app_api') === true) {
return;
}
$this->session->logout();
try {
if ($user === null || $pass === null || !$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {