From 913ebbd556ec3ba50d68d3c435bc5ac5915eb9de Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Thu, 22 Apr 2021 17:42:19 +0200
Subject: [PATCH] fix missing domain in child-src during SAML POST logout
 (#2513)

---
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm | 2 ++
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index 937df07a7..fefc62cd4 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -2675,6 +2675,8 @@ sub sendLogoutRequestToProvider {
                 name => $providerName,
             }
         );
+        $req->data->{cspChildSrc}->{ $self->p->cspGetHost( $logout->msg_url ) }
+          = 1;
     }
 
     # HTTP-SOAP
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index ef6309d59..3c7a86f76 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -936,6 +936,11 @@ sub sendHtml {
         @url = map { s#https?://([^/]+).*#$1#; $_ }
           ( $req->info =~ /<iframe.*?src="(.*?)"/sg );
     }
+
+    # Update child-src header from request data
+    if ( ref( $req->data->{cspChildSrc} ) eq "HASH" ) {
+        push @url, keys %{ $req->data->{cspChildSrc} };
+    }
     if (@url) {
         $csp .= join( ' ', 'child-src', @url, "'self'" ) . ';';
     }