fix(status.php): Fix samesite cookies

This skips less calls for status.php so that ini vars are correctly set and the code to set samesite cookies has the correct information when Nextcloud is installed in a subpath. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
8 months ago · 34aaa0cf83
parent d785bcdc6e
commit 34aaa0cf83
1 changed files with 7 additions and 7 deletions
--- a/lib/base.php
+++ b/lib/base.php
@ -384,13 +384,6 @@ class OC {
 		// prevents javascript from accessing php session cookies
 		ini_set('session.cookie_httponly', 'true');

-		// Do not initialize sessions for 'status.php' requests
-		// Monitoring endpoints can quickly flood session handlers
-		// and 'status.php' doesn't require sessions anyway
-		if (str_ends_with($request->getScriptName(), '/status.php')) {
-			return;
-		}
-
 		// set the cookie path to the Nextcloud directory
 		$cookie_path = OC::$WEBROOT ? : '/';
 		ini_set('session.cookie_path', $cookie_path);
@ -401,6 +394,13 @@ class OC {
 			ini_set('session.cookie_domain', $cookie_domain);
 		}

+		// Do not initialize sessions for 'status.php' requests
+		// Monitoring endpoints can quickly flood session handlers
+		// and 'status.php' doesn't require sessions anyway
+		if (str_ends_with($request->getScriptName(), '/status.php')) {
+			return;
+		}
+
 		// Let the session name be changed in the initSession Hook
 		$sessionName = OC_Util::getInstanceId();