upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 08:44:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Merge pull request #37316 from nextcloud/fix/security/strict-cookie-check-status-codes

Browse source 
fix(security)!: Use consistent HTTP status for strict cookie checks
This commit is contained in:
Simon L 2023-04-18 11:39:18 +02:00 committed by GitHub
commit 5f879a705b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/base.php
View file

@ -570,7 +570,9 @@ class OC {
// Debug mode gets access to the resources without strict cookie
// due to the fact that the SabreDAV browser also lives there.
if (!$config->getSystemValue('debug', false)) {
http_response_code(\OCP\AppFramework\Http::STATUS_SERVICE_UNAVAILABLE);
http_response_code(\OCP\AppFramework\Http::STATUS_PRECONDITION_FAILED);
header('Content-Type: application/json');
echo json_encode(['error' => 'Strict Cookie has not been found in request']);
exit();
}
}

3
lib/private/AppFramework/Middleware/Security/Exceptions/StrictCookieMissingException.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*