github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
authorjaltek <jaltek@mailbox.org>2018-01-31 16:17:56 +0300
committerRoeland Jago Douma <roeland@famdouma.nl>2018-06-06 23:13:35 +0300
commitc79dc0e08f9234739eccf07e13b971aa4664d86f (patch)
treecc492d6ae139e9db4bddec3aa87fccfcdf9145f3 /lib/base.php
parentebdd3fb64a55fce706f97afa2f8ad529de05cabc (diff)
Configurable list for opt out from same site cookie protection
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/base.php')
-rw-r--r--lib/base.php17
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/base.php b/lib/base.php
index 57a620db0ec..5cc33e233f9 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -523,11 +523,18 @@ class OC {
// specifications. For those, have an automated opt-out. Since the protection
// for remote.php is applied in base.php as starting point we need to opt out
// here.
- $incompatibleUserAgents = [
- // OS X Finder
- '/^WebDAVFS/',
- '/^Microsoft-WebDAV-MiniRedir/',
- ];
+ $incompatibleUserAgents = \OC::$server->getConfig()->getSystemValue('csrf.optout');
+
+ // Fallback, if csrf.optout is unset
+ if (!is_array($incompatibleUserAgents)) {
+ $incompatibleUserAgents = [
+ // OS X Finder
+ '/^WebDAVFS/',
+ // Windows webdav drive
+ '/^Microsoft-WebDAV-MiniRedir/',
+ ];
+ }
+
if($request->isUserAgent($incompatibleUserAgents)) {
return;
}
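Review bot: The value read from `csrf.optout` is only checked with `is_array()`, so an empty array, non-string entries or an overly broad pattern are all accepted and passed straight to `$request->isUserAgent()`. The entries look like regular expressions matched against the User-Agent header, which the client controls, so every configured pattern widens the set of requests that skip the same-site cookie check; the lookup deserves a comment saying so, e.g. `// Entries are regexes matched against the client-supplied User-Agent; keep them anchored and as narrow as possible.` An empty array also drops the Finder and Windows defaults instead of falling back; if that is intended it should be stated next to the `// Fallback` comment, and if not the guard could be `if (!is_array($incompatibleUserAgents) || $incompatibleUserAgents === []) {`. The enclosing method starts and ends outside the hunk.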