Merge pull request #37405 from nextcloud/clear-site-data

Send Clear-Site-Data header and let browsers ignore it if unsupported
nextcloud · Mar 28, 2023 · 8ee52d3 · 8ee52d3
2 parents 7db8e22 + 346054f
commit 8ee52d3
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 27 deletions.
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
@@ -34,7 +34,6 @@
  */
 namespace OC\Core\Controller;
 
-use OC\AppFramework\Http\Request;
 use OC\Authentication\Login\Chain;
 use OC\Authentication\Login\LoginData;
 use OC\Authentication\WebAuthn\Manager as WebAuthnManager;
@@ -125,7 +124,8 @@ public function logout() {
 		$this->session->set('clearingExecutionContexts', '1');
 		$this->session->close();
 
-		if (!$this->request->isUserAgent([Request::USER_AGENT_CHROME, Request::USER_AGENT_ANDROID_MOBILE_CHROME])) {
+		if ($this->request->getServerProtocol() === 'https') {
+			// This feature is available only in secure contexts
 			$response->addHeader('Clear-Site-Data', '"cache", "storage"');
 		}
 

diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
@@ -143,9 +143,8 @@ public function testLogoutWithoutToken() {
 			->with('nc_token')
 			->willReturn(null);
 		$this->request
-			->expects($this->once())
-			->method('isUserAgent')
-			->willReturn(false);
+			->method('getServerProtocol')
+			->willReturn('https');
 		$this->config
 			->expects($this->never())
 			->method('deleteUserValue');
@@ -160,26 +159,6 @@ public function testLogoutWithoutToken() {
 		$this->assertEquals($expected, $this->loginController->logout());
 	}
 
-	public function testLogoutNoClearSiteData() {
-		$this->request
-			->expects($this->once())
-			->method('getCookie')
-			->with('nc_token')
-			->willReturn(null);
-		$this->request
-			->expects($this->once())
-			->method('isUserAgent')
-			->willReturn(true);
-		$this->urlGenerator
-			->expects($this->once())
-			->method('linkToRouteAbsolute')
-			->with('core.login.showLoginForm')
-			->willReturn('/login');
-
-		$expected = new RedirectResponse('/login');
-		$this->assertEquals($expected, $this->loginController->logout());
-	}
-
 	public function testLogoutWithToken() {
 		$this->request
 			->expects($this->once())
@@ -188,8 +167,8 @@ public function testLogoutWithToken() {
 			->willReturn('MyLoginToken');
 		$this->request
 			->expects($this->once())
-			->method('isUserAgent')
-			->willReturn(false);
+			->method('getServerProtocol')
+			->willReturn('https');
 		$user = $this->createMock(IUser::class);
 		$user
 			->expects($this->once())