From 70f1b3b33cea6edfb9644a75ccce1e2347a31f8e Mon Sep 17 00:00:00 2001 From: rtoth Date: Fri, 4 Feb 2022 16:27:28 +0000 Subject: [PATCH] Combine the check for API calls as from MagentaCLOUD prod and NC E2E test --- lib/base.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/base.php b/lib/base.php index 09ec5be441b5b..0da0b3ab04b61 100644 --- a/lib/base.php +++ b/lib/base.php @@ -421,13 +421,14 @@ public static function initSession(): void { // TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies // TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments // TODO: for further information. - // $isDavRequest = strpos($request->getRequestUri(), '/remote.php/dav') === 0 || strpos($request->getRequestUri(), '/remote.php/webdav') === 0; - // if ($request->getHeader('Authorization') !== '' && is_null($request->getCookie('cookie_test')) && $isDavRequest && !isset($_COOKIE['nc_session_id'])) { - // setcookie('cookie_test', 'test', time() + 3600); - // // Do not initialize the session if a request is authenticated directly - // // unless there is a session cookie already sent along - // return; - // } + // MagentaCLOUD stays with original version of the solution from production + $isDavRequest = strpos($request->getRequestUri(), '/remote.php/dav') === 0 || + strpos($request->getRequestUri(), '/remote.php/webdav') === 0; + if ($request->getHeader('Authorization') !== '' && $isDavRequest && !isset($_COOKIE['nc_session_id'])) { + // Do not initialize the session if a request is authenticated directly + // unless there is a session cookie already sent along + return; + } if ($request->getServerProtocol() === 'https') { ini_set('session.cookie_secure', 'true');