Merge pull request #33174 from nextcloud/fix/redirect-css-not-found

Do not redirect if requested font, style or script can not be found
nextcloud · Aug 8, 2022 · 00a01a1 · 00a01a1
2 parents cf5b7b1 + a1149b0
commit 00a01a1
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/lib/base.php b/lib/base.php
@@ -1055,6 +1055,15 @@ public static function handleRequest() {
 			return;
 		}
 
+		// Handle resources that can't be found
+		// This prevents browsers from redirecting to the default page and then
+		// attempting to parse HTML as CSS and similar.
+		$destinationHeader = $request->getHeader('Sec-Fetch-Dest');
+		if (in_array($destinationHeader, ['font', 'script', 'style'])) {
+			http_response_code(404);
+			return;
+		}
+
 		// Someone is logged in
 		if (\OC::$server->getUserSession()->isLoggedIn()) {
 			OC_App::loadApps();