From 6ac890812f00c3de534d55b4452612b9d2c48d59 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Thu, 8 Sep 2016 17:14:32 +0200
Subject: [PATCH] Add exemptions for incompatible UAs

Some user agents are notorious and don't really properly follow HTTP
 specifications. For those, have an automated opt-out. Since the protection
for remote.php is applied in base.php as starting point we need to opt out
here.
---
 lib/base.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/base.php b/lib/base.php
index 08fa229e570..b2e45595a3e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -506,8 +506,22 @@ class OC {
 	 * also we can't directly interfere with PHP's session mechanism.
 	 */
 	private static function performSameSiteCookieProtection() {
+		$request = \OC::$server->getRequest();
+
+		// Some user agents are notorious and don't really properly follow HTTP
+		// specifications. For those, have an automated opt-out. Since the protection
+		// for remote.php is applied in base.php as starting point we need to opt out
+		// here.
+		$incompatibleUserAgents = [
+			// OS X Finder
+			'/^WebDAVFS/',
+		];
+		if($request->isUserAgent($incompatibleUserAgents)) {
+			return;
+		}
+
+
 		if(count($_COOKIE) > 0) {
-			$request = \OC::$server->getRequest();
 			$requestUri = $request->getScriptName();
 			$processingScript = explode('/', $requestUri);
 			$processingScript = $processingScript[count($processingScript)-1];
-- 
GitLab