Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(middleware): Fix header injection for bruteforce middleware #39996

Merged
merged 1 commit into from
Aug 22, 2023
Merged

fix(middleware): Fix header injection for bruteforce middleware #39996

merged 1 commit into from
Aug 22, 2023

Conversation

nickvergessen
Copy link
Member

Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons So shifting back to old standard practise for now

Summary

  • Open a talk conversation you are not a member off so you get bruteforce throttled
  • Load the index.php/apps/spreed
  • See console glowing red with weird unrelated errors (CSP is the route cause)

Checklist

@nickvergessen
fix(middleware): Fix header injection for bruteforce middleware
381c350 
Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons
So shifting back to old standard practise for now

Signed-off-by: Joas Schilling <coding@schilljs.com>
@nickvergessen nickvergessen added this to the Nextcloud 28 milestone Aug 22, 2023
@nickvergessen nickvergessen self-assigned this Aug 22, 2023
@nickvergessen
Copy link
Member Author

/backport to stable27

Antreesy
Antreesy approved these changes Aug 22, 2023
View reviewed changes
Copy link
Contributor

@Antreesy Antreesy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🦭

@nickvergessen nickvergessen merged commit 613cd16 into master Aug 22, 2023
39 checks passed
@nickvergessen nickvergessen deleted the bugfix/noid/fix-header-regression branch August 22, 2023 14:32
@backportbot-nextcloud
Copy link

The backport to stable27 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable27
git pull origin stable27

# Create the new backport branch
git checkout -b fix/foo-stable27

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123

# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable27

More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport

@nickvergessen
Copy link
Member Author

/backport to stable27

@backportbot-nextcloud
Copy link

The backport to stable27 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable27
git pull origin stable27

# Create the new backport branch
git checkout -b fix/foo-stable27

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123

# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable27

More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport

@nickvergessen nickvergessen mentioned this pull request Aug 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bigcat88 bigcat88 bigcat88 approved these changes

@Antreesy Antreesy Antreesy approved these changes

@provokateurin provokateurin Awaiting requested review from provokateurin

@ShGKme ShGKme Awaiting requested review from ShGKme

Assignees

@nickvergessen nickvergessen

Labels
3. to review Waiting for reviews bug security
Projects
None yet
Milestone
Nextcloud 28
Development

Successfully merging this pull request may close these issues.
4 participants
@nickvergessen @bigcat88 @ShGKme @Antreesy