Try to compute the correct value of SameSite by default (#2281)
parent
79d0a4c936
commit
26cd1945fb
|
@ -274,7 +274,7 @@ sub defaultValues {
|
||||||
'rest2fActivation' => 0,
|
'rest2fActivation' => 0,
|
||||||
'restAuthnLevel' => 2,
|
'restAuthnLevel' => 2,
|
||||||
'restClockTolerance' => 15,
|
'restClockTolerance' => 15,
|
||||||
'sameSite' => 'None',
|
'sameSite' => '',
|
||||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
|
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
|
||||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||||
'samlAuthnContextMapKerberos' => 4,
|
'samlAuthnContextMapKerberos' => 4,
|
||||||
|
|
|
@ -2917,8 +2917,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
||||||
'type' => 'url'
|
'type' => 'url'
|
||||||
},
|
},
|
||||||
'sameSite' => {
|
'sameSite' => {
|
||||||
'default' => 'None',
|
'default' => '',
|
||||||
'select' => [ {
|
'select' => [ {
|
||||||
|
'k' => '',
|
||||||
|
'v' => ''
|
||||||
|
},
|
||||||
|
{
|
||||||
'k' => 'Strict',
|
'k' => 'Strict',
|
||||||
'v' => 'Strict'
|
'v' => 'Strict'
|
||||||
},
|
},
|
||||||
|
|
|
@ -32,10 +32,9 @@ sub perlExpr {
|
||||||
|
|
||||||
my $url_re = $RE{URI}{HTTP}{ -scheme => "https?" };
|
my $url_re = $RE{URI}{HTTP}{ -scheme => "https?" };
|
||||||
$url_re =~ s/(?<=[^\\])\$/\\\$/g;
|
$url_re =~ s/(?<=[^\\])\$/\\\$/g;
|
||||||
my $url = qr/$url_re/;
|
my $url = qr/$url_re/;
|
||||||
my $urlOrEmpty = qr/(?:^$|$url_re)/;
|
my $urlOrEmpty = qr/(?:^$|$url_re)/;
|
||||||
|
|
||||||
|
|
||||||
sub types {
|
sub types {
|
||||||
return {
|
return {
|
||||||
|
|
||||||
|
@ -1155,11 +1154,12 @@ sub attributes {
|
||||||
sameSite => {
|
sameSite => {
|
||||||
type => 'select',
|
type => 'select',
|
||||||
select => [
|
select => [
|
||||||
|
{ k => '', v => '' },
|
||||||
{ k => 'Strict', v => 'Strict' },
|
{ k => 'Strict', v => 'Strict' },
|
||||||
{ k => 'Lax', v => 'Lax' },
|
{ k => 'Lax', v => 'Lax' },
|
||||||
{ k => 'None', v => 'None' },
|
{ k => 'None', v => 'None' },
|
||||||
],
|
],
|
||||||
default => 'None',
|
default => '',
|
||||||
documentation => 'Cookie SameSite value',
|
documentation => 'Cookie SameSite value',
|
||||||
flags => 'hp',
|
flags => 'hp',
|
||||||
},
|
},
|
||||||
|
|
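Review bot: The new blank entry `{ k => '', v => '' }` in the `sameSite` select shows up as an unlabelled choice, and `documentation => 'Cookie SameSite value'` does not say that an empty value now means the portal works the attribute out itself. I would extend the text, for example `documentation => 'Cookie SameSite value (empty: computed by the portal)'`, so an administrator can tell what leaving it blank does. The same blank `'k'`/`'v'` pair is added to the `'sameSite'` table in the hunk at -2917. Because the default moves from `'None'` to `''`, installations that never set the option will presumably send a different attribute after upgrading, which is worth a line in the upgrade notes.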
File diff suppressed because one or more lines are too long
|
@ -15,6 +15,7 @@ package Lemonldap::NG::Portal::Main;
|
||||||
use strict;
|
use strict;
|
||||||
use Mouse;
|
use Mouse;
|
||||||
use Regexp::Assemble;
|
use Regexp::Assemble;
|
||||||
|
use Lemonldap::NG::Common::Util qw(getSameSite);
|
||||||
|
|
||||||
# PROPERTIES
|
# PROPERTIES
|
||||||
|
|
||||||
|
@ -87,6 +88,9 @@ has csp => ( is => 'rw' );
|
||||||
# Cross-Origine Resource Sharing headers
|
# Cross-Origine Resource Sharing headers
|
||||||
has cors => ( is => 'rw' );
|
has cors => ( is => 'rw' );
|
||||||
|
|
||||||
|
# Cookie SameSite value
|
||||||
|
has cookieSameSite => ( is => 'rw' );
|
||||||
|
|
||||||
# INITIALIZATION
|
# INITIALIZATION
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
|
@ -268,6 +272,11 @@ sub reloadConf {
|
||||||
}
|
}
|
||||||
$self->conf->{domain} =~ s/^([^\.])/.$1/;
|
$self->conf->{domain} =~ s/^([^\.])/.$1/;
|
||||||
|
|
||||||
|
# Initialize cookie SameSite value
|
||||||
|
$self->cookieSameSite( getSameSite( $self->conf ) );
|
||||||
|
$self->logger->debug(
|
||||||
|
"Cookies will use SameSite=" . $self->cookieSameSite );
|
||||||
|
|
||||||
# Load menu
|
# Load menu
|
||||||
# ---------
|
# ---------
|
||||||
$self->menu( $self->loadPlugin('::Main::Menu') );
|
$self->menu( $self->loadPlugin('::Main::Menu') );
|
||||||
|
|
|
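Review bot: In the `reloadConf` hunk the result of `getSameSite( $self->conf )` is stored in `cookieSameSite` and then used by `cookie` as the fallback attribute, with no check that it is one of `Strict`, `Lax` or `None`. `getSameSite` is not shown on this page, so it may already guarantee that; if it does not, an undefined result would also raise a warning in the debug-message concatenation. A guard such as `my $ss = getSameSite( $self->conf );` then `$ss = 'Lax' unless defined $ss and $ss =~ /^(?:Strict|Lax|None)$/;` before `$self->cookieSameSite($ss);` keeps an unexpected configuration value out of the Set-Cookie header. `reloadConf` starts and ends outside the hunk.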
@ -790,7 +790,7 @@ sub cookie {
|
||||||
$h{HttpOnly} //= $self->conf->{httpOnly};
|
$h{HttpOnly} //= $self->conf->{httpOnly};
|
||||||
$h{max_age} //= $self->conf->{cookieExpiration}
|
$h{max_age} //= $self->conf->{cookieExpiration}
|
||||||
if ( $self->conf->{cookieExpiration} );
|
if ( $self->conf->{cookieExpiration} );
|
||||||
$h{SameSite} ||= $self->conf->{sameSite};
|
$h{SameSite} ||= $self->cookieSameSite;
|
||||||
|
|
||||||
foreach (qw(domain path expires max_age HttpOnly SameSite)) {
|
foreach (qw(domain path expires max_age HttpOnly SameSite)) {
|
||||||
my $f = $_;
|
my $f = $_;
|
||||||
|
|
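Review bot: `$h{SameSite} ||= $self->cookieSameSite;` may now produce `None` from a computed value rather than from an explicit setting, and browsers discard `SameSite=None` cookies that lack the `Secure` attribute. Nothing in the visible lines ties the two together: the attribute list in the `foreach` has no secure flag, although it may be handled elsewhere in `cookie`, whose body extends beyond the hunk. I would add a comment above the line, `# SameSite=None is only accepted by browsers on Secure cookies`, and confirm that the computed value is never `None` for a portal served over plain HTTP.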