Don't set Same-Site attribute for mobile chrome

Android is really insane when it is about cookies. So what happens is: 1. Nextcloud sets cookies with a Same-Site attribute 2. Chrome Android accepts it and sends it properly 3. The first download using Chrome works 4. It is redownloaded with the Download Manager which does just completely drops cookies with the same-site attribute This makes downloads fails on mobile Chrome. Fixes #342
nextcloud · Sep 19, 2016 · 14c46aa · 14c46aa
1 parent d2887b7
commit 14c46aa
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/lib/base.php b/lib/base.php
@@ -484,12 +484,17 @@ private static function sendSameSiteCookies() {
 			'strict',
 		];
 		foreach($policies as $policy) {
+			$sameSite = sprintf('; SameSite=%s', $policy);
+			if(\OC::$server->getRequest()->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME])) {
+				$sameSite = '';
+			}
+
 			header(
 				sprintf(
-					'Set-Cookie: nc_sameSiteCookie%s=true; path=%s; httponly;' . $secureCookie . 'expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=%s',
+					'Set-Cookie: nc_sameSiteCookie%s=true; path=%s; httponly;' . $secureCookie . 'expires=Fri, 31-Dec-2100 23:59:59 GMT%s',
 					$policy,
 					$cookieParams['path'],
-					$policy
+					$sameSite
 				),
 				false
 			);