diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-06-30 18:06:11 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-06-30 18:06:11 +0300 |
| commit | 912f07e2a978a4d63c4bb9061ad097296cf7fb2f (patch) | |
| tree | 4da6e063ac23a7da4757b35eea9046a5ee6550b5 /lib | |
| parent | 1f9735b2042cfb06862941361872112d1c69905e (diff) | |
| parent | f56ea98993a6dec2f118b5e61c483d11075f7a24 (diff) | |
Merge pull request #249 from nextcloud/add-exemption-for-acs
[stable9] Add exemption for ACS endpoint
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/base.php | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php index 84ec0c2c5fe..2ad453189d0 100644 --- a/lib/base.php +++ b/lib/base.php @@ -519,6 +519,23 @@ class OC { $processingScript = explode('/', $requestUri); $processingScript = $processingScript[count($processingScript)-1]; + // FIXME: In a SAML scenario we don't get any strict or lax cookie + // send for the ACS endpoint. Since we have some legacy code in Nextcloud + // (direct PHP files) the enforcement of lax cookies is performed here + // instead of the middleware. + // + // This means we cannot exclude some routes from the cookie validation, + // which normally is not a problem but is a little bit cumbersome for + // this use-case. + // Once the old legacy PHP endpoints have been removed we can move + // the verification into a middleware and also adds some exemptions. + // + // Questions about this code? Ask Lukas ;-) + $currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT)); + if($currentUrl === '/index.php/apps/user_saml/saml/acs') { + return; + } + // For the "index.php" endpoint only a lax cookie is required. if($processingScript === 'index.php') { if(!$request->passesLaxCookieCheck()) { |