Merge pull request #51173 from DaleBCooper/fix-a+-rating

Fix A+ rating when checking with Nextcloud Security Scan.
Joas Schilling 2025-03-02 11:03:42 +01:00 committed by GitHub
commit 92bbcada49
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -362,13 +362,6 @@ class OC {
public static function initSession(): void {
$request = Server::get(IRequest::class);
// Do not initialize sessions for 'status.php' requests
// Monitoring endpoints can quickly flood session handlers
// and 'status.php' doesn't require sessions anyway
if (str_ends_with($request->getScriptName(), '/status.php')) {
return;
}
// TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies
// TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments
// TODO: for further information.
@ -387,6 +380,13 @@ class OC {
// prevents javascript from accessing php session cookies
ini_set('session.cookie_httponly', 'true');
// Do not initialize sessions for 'status.php' requests
// Monitoring endpoints can quickly flood session handlers
// and 'status.php' doesn't require sessions anyway
if (str_ends_with($request->getScriptName(), '/status.php')) {
return;
}
// set the cookie path to the Nextcloud directory
$cookie_path = OC::$WEBROOT ? : '/';
ini_set('session.cookie_path', $cookie_path);
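Review bot: The relocated `status.php` early return in the second hunk keeps the same three-line comment it had before, so nothing records why it now has to sit below `ini_set('session.cookie_httponly', 'true')`. A later cleanup could move it back to the top of `initSession()` and, judging by the commit title, bring back the weaker scan rating. I would add a line such as `// Keep below the cookie flag ini_set() calls: cookies sent on status.php presumably inherit their flags from these settings`. The return also still precedes `ini_set('session.cookie_path', $cookie_path)`, so status.php requests appear to keep PHP's default cookie path; if that is intended, say so in the comment, otherwise move the guard below that line as well. `initSession()` starts and ends outside both hunks, so the code that consumes these settings is not visible here and the ordering assumption should be confirmed against it.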