-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for download share on old android browser #17623
Conversation
Signed-off-by: j3l11234 <297259024@qq.com>
Thanks for this contribution 👍
Could you elaborate? How can I test this change? |
OK,My Phone is OPPO R9m / Android 5.1 , I use the browser that comes with the system. I use proxy to monitor network |
I need to think about this. |
In fact is not old android browser. In my Android 10, many browser app has the same problem. such as UC |
Only partly true of course. With password protected public links we should rely on cookies. I'll dive into this a bit later |
The purpose of 'nc_sameSiteCookie*' is want to protect logout CSRF. I think the checking (check 'nc_sameSiteCookie*' and set it if it doesn't exist. the module is SameSiteCookieMiddleware) should not be apply to the 'downloadShare' func. |
@rullzer What's going on? |
So I took another look at this, your issues seems valid if you use any kind of download manager indeed. However to fully merge this and thus ignore the samesitecookie. I'l like to make sure this uses full appframework code. So that we have real file download responses with all the security checks that that adds. I'll see if I can fix that early next week. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🐘
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🐘
Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 |
In old android browser, The browser can't follow the cookies, but the browser's downloader can't follow cookies. So I skip the sameSite check when download share