debug

Signed-off-by: Benjamin Gaussorgues <[email protected]>
nextcloud · Dec 4, 2024 · dfaf28e · dfaf28e
1 parent a6b8609
commit dfaf28e
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/.htaccess b/.htaccess
@@ -13,11 +13,6 @@
     </IfModule>
   </IfModule>
 
-  <IfModule mod_env.c>
-    # Add security and privacy related headers
-    # Avoid doubled headers by unsetting headers in "onsuccess" table,
-    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
-
     <If "%{REQUEST_URI} =~ m#/login$#">
       # Only on the login page we need any Origin or Referer header set.
       Header onsuccess unset Referrer-Policy
@@ -27,6 +22,11 @@
       Header onsuccess unset Referrer-Policy
       Header always set Referrer-Policy "no-referrer"
     </Else>
+  <IfModule mod_env.c>
+    # Add security and privacy related headers
+    # Avoid doubled headers by unsetting headers in "onsuccess" table,
+    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
+
 
     Header onsuccess unset X-Content-Type-Options
     Header always set X-Content-Type-Options "nosniff"

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
@@ -43,6 +43,7 @@
 use OCP\Security\Bruteforce\IThrottler;
 use OCP\Security\ITrustedDomainHelper;
 use OCP\Util;
+use Psr\Log\LoggerInterface;
 
 class LoginController extends Controller {
 	public const LOGIN_MSG_INVALIDPASSWORD = 'invalidpassword';
@@ -294,6 +295,7 @@ public function tryLogin(
 		$origin = $this->request->getHeader('Origin');
 		$throttle = true;
 		if ($origin === '' || !$trustedDomainHelper->isTrustedUrl($origin)) {
+			\OC::$server->get(LoggerInterface::class)->error('Origin ' . $origin . ' isnt trusted', ['trusted' => \OC::$server->get(IConfig::class)->getSystemValue('trusted_domains')]);
 			// Login attempt not from the same origin,
 			// We only allow this on the login flow but not on the UI login page.
 			// This could have come from someone malicious who tries to block a user by triggering the bruteforce protection.
@@ -308,6 +310,7 @@ public function tryLogin(
 			}
 			$error = self::LOGIN_MSG_CSRFCHECKFAILED;
 		}
+		\OC::$server->get(LoggerInterface::class)->error('Origin ' . $origin . ' is trusted!', ['trusted' => \OC::$server->get(IConfig::class)->getSystemValue('trusted_domains')]);
 
 		if ($error !== '') {
 			// Clear any auth remnants like cookies to ensure a clean login

diff --git a/cypress/dockerNode.ts b/cypress/dockerNode.ts
@@ -277,7 +277,7 @@ export const waitOnNextcloud = async function(ip: string) {
 const runExec = async function(
 	container: Docker.Container,
 	command: string[],
-	verbose = false,
+	verbose = true,
 	user = 'www-data',
 	workdir?: string,
 ): Promise<string> {