upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 08:44:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

added CORS skip if session was created by AppAPI

Browse source 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
This commit is contained in:
Alexander Piskun 2023-10-02 11:08:21 +03:00
parent 3622af9b43
commit f16c9f42c6
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
View file

@ -91,6 +91,10 @@ class CORSMiddleware extends Middleware {
if ($this->request->passesCSRFCheck()) {
return;
}
// Skip CORS check for requests with AppAPI auth.
if ($this->session->getSession()->get('app_api') === true) {
return;
}
$this->session->logout();
try {
if ($user === null || $pass === null || !$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {