Skip to content
Snippets Groups Projects
Commit e8f90133 authored by Lukas Reschke's avatar Lukas Reschke
Browse files

Merge pull request #11727 from owncloud/moveCallCheckRegisterToSomeWhereElse 

Move CSRF check
parents af7688ec 07f0d76f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/private/appframework/middleware/security/securitymiddleware.php
+ 3
0
View file @ e8f90133
......@@ -35,6 +35,7 @@ use OCP\IURLGenerator;
use OCP\IRequest;
use OCP\ILogger;
use OCP\AppFramework\Controller;
use OCP\Util;
/**
......@@ -111,6 +112,8 @@ class SecurityMiddleware extends Middleware {
}
}
// CSRF check - also registers the CSRF token since the session may be closed later
Util::callRegister();
if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
if(!$this->request->passesCSRFCheck()) {
throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment