From 7395bfddb6b2bd7904987155d5ff9b694c0f759b Mon Sep 17 00:00:00 2001
From: Git'Fellow <12234510+solracsf@users.noreply.github.com>
Date: Wed, 20 Nov 2024 18:26:48 +0100
Subject: [PATCH] fix(status): Avoid session creation for status requests

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
---
 lib/base.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/base.php b/lib/base.php
index 53231999e8187..ef58bdcefb251 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -363,6 +363,13 @@ private static function printUpgradePage(\OC\SystemConfig $systemConfig): void {
 	public static function initSession(): void {
 		$request = Server::get(IRequest::class);
 
+		// Do not initialize sessions for 'status.php' requests
+		// Monitoring endpoints can quickly flood session handlers
+		// and 'status.php' doesn't require sessions anyway
+		if (str_ends_with($request->getRequestUri(), '/status.php')) {
+			return;
+		}
+
 		// TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies
 		// TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments
 		// TODO: for further information.
@@ -790,7 +797,7 @@ public static function init(): void {
 				$isScssRequest = true;
 			}
 
-			if (substr($request->getRequestUri(), -11) === '/status.php') {
+			if (str_ends_with($request->getRequestUri(), '/status.php')) {
 				http_response_code(400);
 				header('Content-Type: application/json');
 				echo '{"error": "Trusted domain error.", "code": 15}';