Don't set Same-Site attribute for mobile chrome

Android is really insane when it is about cookies. So what happens is: 1. Nextcloud sets cookies with a Same-Site attribute 2. Chrome Android accepts it and sends it properly 3. The first download using Chrome works 4. It is redownloaded with the Download Manager which does just completely drops cookies with the same-site attribute This makes downloads fails on mobile Chrome. Fixes #342
nextcloud · Sep 19, 2016 · 04dbd78 · 04dbd78
1 parent d2887b7
commit 04dbd78
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/lib/base.php b/lib/base.php
@@ -484,12 +484,25 @@ private static function sendSameSiteCookies() {
 			'strict',
 		];
 		foreach($policies as $policy) {
+			$cookieName = sprintf('nc_sameSiteCookie%s', $policy);
+			$sameSite = sprintf('; SameSite=%s', $policy);
+
+			// Chrome on Android has a bug that it doesn't sent cookies with the
+			// same-site attribute for the download manager. To work around that
+			// all same-site cookies get deleted and recreated directly. Awesome!
+			// FIXME: Remove once Chrome 54 is deployed to end-users
+			// @see https://github.com/nextcloud/server/pull/1454
+			if(\OC::$server->getRequest()->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME])) {
+				$sameSite = '';
+				setcookie($cookieName, '', time() - 3600);
+			}
+
 			header(
 				sprintf(
-					'Set-Cookie: nc_sameSiteCookie%s=true; path=%s; httponly;' . $secureCookie . 'expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=%s',
-					$policy,
+					'Set-Cookie: %s=true; path=%s; httponly;' . $secureCookie . 'expires=Fri, 31-Dec-2100 23:59:59 GMT%s',
+					$cookieName,
 					$cookieParams['path'],
-					$policy
+					$sameSite
 				),
 				false
 			);