fix missing domain in child-src during SAML POST logout (#2513)

Maxime Besson 2021-04-22 17:42:19 +02:00
parent 5ba0c11b58
commit 913ebbd556
2 changed files with 7 additions and 0 deletions


@ -2675,6 +2675,8 @@ sub sendLogoutRequestToProvider {
name => $providerName, name => $providerName,
} }
); );
$req->data->{cspChildSrc}->{ $self->p->cspGetHost( $logout->msg_url ) }
= 1;
} }
# HTTP-SOAP # HTTP-SOAP
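Review bot: The return value of `cspGetHost` is used directly as a hash key, so if it comes back undefined or empty for an unexpected `msg_url`, the key becomes an empty string and is later joined into the `child-src` directive. Taking it into a variable first keeps that out of the header: `my $host = $self->p->cspGetHost( $logout->msg_url );` followed by `$req->data->{cspChildSrc}->{$host} = 1 if $host;`. `msg_url` presumably derives from the partner's metadata, so a one-line comment such as `# allow the provider's logout endpoint in child-src for the HTTP-POST binding` would tell the next reader why a remote host is being added to the policy. sendLogoutRequestToProvider starts and ends outside this hunk.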


@ -936,6 +936,11 @@ sub sendHtml {
@url = map { s#https?://([^/]+).*#$1#; $_ } @url = map { s#https?://([^/]+).*#$1#; $_ }
( $req->info =~ /<iframe.*?src="(.*?)"/sg ); ( $req->info =~ /<iframe.*?src="(.*?)"/sg );
} }
# Update child-src header from request data
if ( ref( $req->data->{cspChildSrc} ) eq "HASH" ) {
push @url, keys %{ $req->data->{cspChildSrc} };
}
if (@url) { if (@url) {
$csp .= join( ' ', 'child-src', @url, "'self'" ) . ';'; $csp .= join( ' ', 'child-src', @url, "'self'" ) . ';';
} }
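Review bot: The keys of `$req->data->{cspChildSrc}` are appended to the header value unchanged at the `push @url` line, so a key containing whitespace or `;` would add extra sources or a whole extra directive to the policy. sendHtml cannot see which code wrote those keys, so a filter at this point is cheap insurance: `push @url, grep { /\A[^\s;,]+\z/ } keys %{ $req->data->{cspChildSrc} };`. A host already captured from an iframe `src` a few lines above will also be listed twice; that is harmless, but de-duplicating `@url` before the `join` would keep the header tidy. sendHtml's body starts and ends outside this hunk.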