Change cookie oidc_nonce to SameSite=None.

https://github.com/matrix-org/dendrite/issues/1297#issuecomment-1139357227
Tommie Gannert 2022-05-27 09:58:31 +02:00
parent 83bac7df36
commit 618e18f259


@ -20,6 +20,7 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
"path"
"strings" "strings"
"time" "time"
@ -89,14 +90,20 @@ func SSORedirect(
util.GetLogger(ctx).Infof("SSO redirect to %s.", u) util.GetLogger(ctx).Infof("SSO redirect to %s.", u)
resp := util.RedirectResponse(u) resp := util.RedirectResponse(u)
resp.Headers["Set-Cookie"] = (&http.Cookie{ cookie := &http.Cookie{
Name: "oidc_nonce", Name: "oidc_nonce",
Value: nonce, Value: nonce,
Path: "/", Path: path.Dir(callbackURL.Path),
Expires: time.Now().Add(10 * time.Minute), Expires: time.Now().Add(10 * time.Minute),
Secure: callbackURL.Scheme != "http", Secure: callbackURL.Scheme != "http",
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteNoneMode,
}).String() }
if !cookie.Secure {
// SameSite=None requires Secure, so we might as well remove
// it. See https://blog.chromium.org/2019/10/developers-get-ready-for-new.html.
cookie.SameSite = http.SameSiteDefaultMode
}
resp.Headers["Set-Cookie"] = cookie.String()
return resp return resp
} }
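Review bot: `SameSite: http.SameSiteNoneMode` on the new side of L27 removes the cookie's cross-site protection entirely, whereas `http.SameSiteLaxMode` is still sent on the top-level GET navigation an identity provider uses to redirect the browser back to `callbackURL`, while keeping `oidc_nonce` off cross-site POSTs and embedded requests. Unless the callback is delivered by a cross-site form POST (not visible here), `SameSite: http.SameSiteLaxMode,` would be the narrower choice and would also make the `!cookie.Secure` fallback unnecessary, since Lax does not depend on Secure. Separately, `path.Dir(callbackURL.Path)` on L24 yields `"."` when the path is empty or lacks a leading slash; browsers ignore a Path attribute that does not start with `/` and fall back to the request's default path, so a guard such as `if cookie.Path == "." { cookie.Path = "/" }` would make the intended scope explicit. SSORedirect begins before this hunk, so how callbackURL is constructed and validated is not visible here.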