From 2fb703dfdac399972305c7180f2940d1aaf15b9f Mon Sep 17 00:00:00 2001
From: Alexander Piskun
Date: Mon, 2 Oct 2023 11:08:21 +0300
Subject: [PATCH 1/2] added CORS skip if session was created by AppAPI
Signed-off-by: Alexander Piskun
---
 .../AppFramework/Middleware/Security/CORSMiddleware.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index e177a612d96c3..36fb5a29e3c64 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -97,6 +97,10 @@ public function beforeController($controller, $methodName) {
 if ($this->request->passesCSRFCheck()) {
 return;
 }
+ // Skip CORS check for requests with AppAPI auth.
+ if ($this->session->getSession()->get('app_api') === true) {
+ return;
+ }
 $this->session->logout();
 try {
 if ($user === null || $pass === null || !$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) {
From 4623fd12d329bd346f624335e9fb0e99374b974e Mon Sep 17 00:00:00 2001
From: Alexander Piskun
Date: Fri, 6 Oct 2023 13:46:37 +0300
Subject: [PATCH 2/2] fixed Drone test
Signed-off-by: Alexander Piskun
---
 .../AppFramework/Middleware/Security/CORSMiddleware.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
index 36fb5a29e3c64..9940eb9577c36 100644
--- a/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php
@@ -39,6 +39,7 @@
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Middleware;
 use OCP\IRequest;
+use OCP\ISession;
 use ReflectionMethod;
 /**
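Review bot: The early return added after the `passesCSRFCheck()` branch lets a single session value, `app_api`, bypass the `logout()` and `logClientIn()` re-authentication that follows, and nothing in this hunk shows where that flag is set or that it cannot persist in a cookie-backed session. If the flag can outlive the request that set it, a later request carrying only the session cookie and no CSRF token would keep its session on this path, which is the case the logout below appears to exist to prevent. The comment should state the invariant rather than only "Skip CORS check", for example `// Safe only because 'app_api' is set by AppAPI's per-request auth and is never written to a persisted session.`, once that has been confirmed at the place that sets the flag. A middleware test covering the flag both present and absent would pin the behaviour. beforeController's body starts and ends outside the hunk.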
@@ -98,7 +99,7 @@ public function beforeController($controller, $methodName) {
 return;
 }
 // Skip CORS check for requests with AppAPI auth.
- if ($this->session->getSession()->get('app_api') === true) {
+ if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('app_api') === true) {
 return;
 }
 $this->session->logout();
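Review bot: The rewritten condition calls `$this->session->getSession()` twice, once for the `instanceof ISession` test and once for `->get('app_api')`, so the type guard and the read are not tied to the same object. Fetch it once: `$session = $this->session->getSession();` followed by `if ($session instanceof ISession && $session->get('app_api') === true) {`. Since the guard arrives under the subject "fixed Drone test", a one-line comment saying when getSession() yields no session in this middleware would show it is a real runtime state and not, presumably, only a mock returning null. beforeController's body starts and ends outside the hunk.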