upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

Merge pull request #54776 from nextcloud/backport/54713/stable31

Browse source 
[stable31] fix(status.php): Fix samesite cookies
This commit is contained in:
Andy Scherzinger 2025-09-02 13:57:22 +02:00 committed by GitHub
commit 4948a742de
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
lib/base.php
View file

@ -387,17 +387,18 @@ class OC {
// prevents javascript from accessing php session cookies
ini_set('session.cookie_httponly', 'true');
// Do not initialize sessions for 'status.php' requests
// Monitoring endpoints can quickly flood session handlers
// and 'status.php' doesn't require sessions anyway
if (str_ends_with($request->getScriptName(), '/status.php')) {
return;
}
// set the cookie path to the Nextcloud directory
$cookie_path = OC::$WEBROOT ? : '/';
ini_set('session.cookie_path', $cookie_path);
// Do not initialize sessions for 'status.php' requests
// Monitoring endpoints can quickly flood session handlers
// and 'status.php' doesn't require sessions anyway
// We still need to run the ini_set above so that same-site cookies use the correct configuration.
if (str_ends_with($request->getScriptName(), '/status.php')) {
return;
}
// Let the session name be changed in the initSession Hook
$sessionName = OC_Util::getInstanceId();