Try to compute the correct value of SameSite by default (#2281)
This commit is contained in:
parent
79d0a4c936
commit
26cd1945fb
|
@ -274,7 +274,7 @@ sub defaultValues {
|
|||
'rest2fActivation' => 0,
|
||||
'restAuthnLevel' => 2,
|
||||
'restClockTolerance' => 15,
|
||||
'sameSite' => 'None',
|
||||
'sameSite' => '',
|
||||
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
|
||||
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
|
||||
'samlAuthnContextMapKerberos' => 4,
|
||||
|
|
|
@ -2917,8 +2917,12 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'type' => 'url'
|
||||
},
|
||||
'sameSite' => {
|
||||
'default' => 'None',
|
||||
'default' => '',
|
||||
'select' => [ {
|
||||
'k' => '',
|
||||
'v' => ''
|
||||
},
|
||||
{
|
||||
'k' => 'Strict',
|
||||
'v' => 'Strict'
|
||||
},
|
||||
|
|
|
@ -35,7 +35,6 @@ $url_re =~ s/(?<=[^\\])\$/\\\$/g;
|
|||
my $url = qr/$url_re/;
|
||||
my $urlOrEmpty = qr/(?:^$|$url_re)/;
|
||||
|
||||
|
||||
sub types {
|
||||
return {
|
||||
|
||||
|
@ -1155,11 +1154,12 @@ sub attributes {
|
|||
sameSite => {
|
||||
type => 'select',
|
||||
select => [
|
||||
{ k => '', v => '' },
|
||||
{ k => 'Strict', v => 'Strict' },
|
||||
{ k => 'Lax', v => 'Lax' },
|
||||
{ k => 'None', v => 'None' },
|
||||
],
|
||||
default => 'None',
|
||||
default => '',
|
||||
documentation => 'Cookie SameSite value',
|
||||
flags => 'hp',
|
||||
},
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -15,6 +15,7 @@ package Lemonldap::NG::Portal::Main;
|
|||
use strict;
|
||||
use Mouse;
|
||||
use Regexp::Assemble;
|
||||
use Lemonldap::NG::Common::Util qw(getSameSite);
|
||||
|
||||
# PROPERTIES
|
||||
|
||||
|
@ -87,6 +88,9 @@ has csp => ( is => 'rw' );
|
|||
# Cross-Origine Resource Sharing headers
|
||||
has cors => ( is => 'rw' );
|
||||
|
||||
# Cookie SameSite value
|
||||
has cookieSameSite => ( is => 'rw' );
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
sub init {
|
||||
|
@ -268,6 +272,11 @@ sub reloadConf {
|
|||
}
|
||||
$self->conf->{domain} =~ s/^([^\.])/.$1/;
|
||||
|
||||
# Initialize cookie SameSite value
|
||||
$self->cookieSameSite( getSameSite( $self->conf ) );
|
||||
$self->logger->debug(
|
||||
"Cookies will use SameSite=" . $self->cookieSameSite );
|
||||
|
||||
# Load menu
|
||||
# ---------
|
||||
$self->menu( $self->loadPlugin('::Main::Menu') );
|
||||
|
|
|
@ -790,7 +790,7 @@ sub cookie {
|
|||
$h{HttpOnly} //= $self->conf->{httpOnly};
|
||||
$h{max_age} //= $self->conf->{cookieExpiration}
|
||||
if ( $self->conf->{cookieExpiration} );
|
||||
$h{SameSite} ||= $self->conf->{sameSite};
|
||||
$h{SameSite} ||= $self->cookieSameSite;
|
||||
|
||||
foreach (qw(domain path expires max_age HttpOnly SameSite)) {
|
||||
my $f = $_;
|
||||
|
|
Loading…
Reference in New Issue
Block a user