http header OCS-ApiRequest: true is required in case of session based OCS API calls

12 years ago · 3d42e402c5
1 changed files with 2 additions and 1 deletions
--- a/lib/private/api.php
+++ b/lib/private/api.php
@ -250,7 +250,8 @@ class OC_API {

 		// reuse existing login
 		$loggedIn = OC_User::isLoggedIn();
-		if ($loggedIn === true) {
+		$ocsApiRequest = isset($_SERVER['OCS_APIREQUEST']) ? $_SERVER['OCS_APIREQUEST'] === 'true' : false;
+		if ($loggedIn === true && $ocsApiRequest) {
 			return OC_User::getUser();
 		}