Do not send Clear-Site-Data header to Chrome-like browsers #41204
Conversation
|
I confirm this PR is working. |
joshtrichards
added
bug
3. to review
HLFH
changed the title
|
Hi @HLFH can you please fix dco? See https://github.com/nextcloud/server/pull/41204/checks?check_run_id=18198838092. otherwise wr cannot merge this. Thanks! |
core/Controller/LoginController.php
Outdated
| if ($this->request->getServerProtocol() === 'https') { | ||
| // This feature is available only in secure contexts | ||
| if (!$this->request->isUserAgent([Request::USER_AGENT_CHROME, Request::USER_AGENT_ANDROID_MOBILE_CHROME])) { |
There was a problem hiding this comment.
I only reverted to the former code that was working for Chrome-like browsers.
I fixed the regression and did not add any minor feature such as the HTTPS check.
This might be best to add the HTTPS check in an additional PR.
|
@szaimen DCO is fixed. Feel free to merge. |
Thanks! First some reviews need to be done |
|
Any other reviews? @szaimen Or it could be merged for the beta 4. |
|
php-lint failure seems to be related... |
|
nodb failure seems to be related: https://drone.nextcloud.com/nextcloud/server/44081/9/4 |
Clear-Site-Data is broken on Chrome-like browsers. https://bugs.chromium.org/p/chromium/issues/detail?id=1349087 Signed-off-by: Gaspard d'Hautefeuille <[email protected]>
Signed-off-by: Gaspard d'Hautefeuille <[email protected]>
…ites Signed-off-by: Gaspard d'Hautefeuille <[email protected]>
Signed-off-by: Joas Schilling <[email protected]>
|
Closing as no one cares about this 30s logout delay bug on Chrome-like browsers, which makes Nextcloud a broken solution since 9 months. |
Summary
Cancels #37405 regression.
Checklist