|
|
6953a2 |
diff --git a/docs/manual/mod/mod_usertrack.html.en b/docs/manual/mod/mod_usertrack.html.en
|
|
|
6953a2 |
index b212747..d2da9b9 100644
|
|
|
6953a2 |
--- a/docs/manual/mod/mod_usertrack.html.en
|
|
|
6953a2 |
+++ b/docs/manual/mod/mod_usertrack.html.en
|
|
|
6953a2 |
@@ -47,7 +47,10 @@
|
|
|
6953a2 |
|
|
|
6953a2 |
CookieDomain
|
|
|
6953a2 |
CookieExpires
|
|
|
6953a2 |
+ CookieHTTPOnly
|
|
|
6953a2 |
CookieName
|
|
|
6953a2 |
+ CookieSameSite
|
|
|
6953a2 |
+ CookieSecure
|
|
|
6953a2 |
CookieStyle
|
|
|
6953a2 |
CookieTracking
|
|
|
6953a2 |
|
|
|
6953a2 |
@@ -127,6 +130,22 @@ CustomLog "logs/clickstream.log" usertrack
|
|
|
6953a2 |
CookieExpires "3 weeks"
|
|
|
6953a2 |
|
|
|
6953a2 |
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+Description:Adds the 'HTTPOnly' attribute to the cookie
|
|
|
6953a2 |
+Syntax:CookieHTTPOnly on|off
|
|
|
6953a2 |
+Default:CookieHTTPOnly off
|
|
|
6953a2 |
+Context:server config, virtual host, directory, .htaccess
|
|
|
6953a2 |
+Override:FileInfo
|
|
|
6953a2 |
+Status:Extension
|
|
|
6953a2 |
+Module:mod_usertrack
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+ When set to 'ON', the 'HTTPOnly' cookie attribute is added to this
|
|
|
6953a2 |
+ modules tracking cookie. This attribute instructs browsers to block javascript
|
|
|
6953a2 |
+ from reading the value of the cookie.
|
|
|
6953a2 |
+
|
|
|
6953a2 |
|
|
|
6953a2 |
|
|
|
6953a2 |
|
|
|
6953a2 |
@@ -150,6 +169,45 @@ CustomLog "logs/clickstream.log" usertrack
|
|
|
6953a2 |
CookieName clicktrack
|
|
|
6953a2 |
|
|
|
6953a2 |
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+Description:Adds the 'SameSite' attribute to the cookie
|
|
|
6953a2 |
+Syntax:CookieSameSite None|Lax|Strict
|
|
|
6953a2 |
+Default:unset
|
|
|
6953a2 |
+Context:server config, virtual host, directory, .htaccess
|
|
|
6953a2 |
+Override:FileInfo
|
|
|
6953a2 |
+Status:Extension
|
|
|
6953a2 |
+Module:mod_usertrack
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+ When set to 'None', 'Lax', or 'Strict', the 'SameSite' cookie attribute
|
|
|
6953a2 |
+ is added to this modules tracking cookie with the corresponding value.
|
|
|
6953a2 |
+ This attribute instructs browser on how to treat the cookie when it is
|
|
|
6953a2 |
+ requested in a cross-site context.
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+ A value of 'None' sets 'SameSite=None', which is the most liberal setting. To
|
|
|
6953a2 |
+ omit this attribute, omit the directive entirely.
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+Description:Adds the 'Secure' attribute to the cookie
|
|
|
6953a2 |
+Syntax:CookieSecure on|off
|
|
|
6953a2 |
+Default:CookieSecure off
|
|
|
6953a2 |
+Context:server config, virtual host, directory, .htaccess
|
|
|
6953a2 |
+Override:FileInfo
|
|
|
6953a2 |
+Status:Extension
|
|
|
6953a2 |
+Module:mod_usertrack
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+ When set to 'ON', the 'Secure' cookie attribute is added to this
|
|
|
6953a2 |
+ modules tracking cookie. This attribute instructs browsers to only
|
|
|
6953a2 |
+ transmit the cookie over HTTPS.
|
|
|
6953a2 |
+
|
|
|
6953a2 |
|
|
|
6953a2 |
|
|
|
6953a2 |
|
|
|
6953a2 |
diff --git a/modules/metadata/mod_usertrack.c b/modules/metadata/mod_usertrack.c
|
|
|
6953a2 |
index 73a9f45..65759c2 100644
|
|
|
6953a2 |
--- a/modules/metadata/mod_usertrack.c
|
|
|
6953a2 |
+++ b/modules/metadata/mod_usertrack.c
|
|
|
6953a2 |
@@ -86,6 +86,9 @@ typedef struct {
|
|
|
6953a2 |
const char *cookie_domain;
|
|
|
6953a2 |
char *regexp_string; /* used to compile regexp; save for debugging */
|
|
|
6953a2 |
ap_regex_t *regexp; /* used to find usertrack cookie in cookie header */
|
|
|
6953a2 |
+ int is_secure;
|
|
|
6953a2 |
+ int is_httponly;
|
|
|
6953a2 |
+ const char *samesite;
|
|
|
6953a2 |
} cookie_dir_rec;
|
|
|
6953a2 |
|
|
|
6953a2 |
/* Make Cookie: Now we have to generate something that is going to be
|
|
|
6953a2 |
@@ -143,6 +146,21 @@ static void make_cookie(request_rec *r)
|
|
|
6953a2 |
: ""),
|
|
|
6953a2 |
NULL);
|
|
|
6953a2 |
}
|
|
|
6953a2 |
+ if (dcfg->samesite != NULL) {
|
|
|
6953a2 |
+ new_cookie = apr_pstrcat(r->pool, new_cookie, "; ",
|
|
|
6953a2 |
+ dcfg->samesite,
|
|
|
6953a2 |
+ NULL);
|
|
|
6953a2 |
+ }
|
|
|
6953a2 |
+ if (dcfg->is_secure) {
|
|
|
6953a2 |
+ new_cookie = apr_pstrcat(r->pool, new_cookie, "; Secure",
|
|
|
6953a2 |
+ NULL);
|
|
|
6953a2 |
+ }
|
|
|
6953a2 |
+ if (dcfg->is_httponly) {
|
|
|
6953a2 |
+ new_cookie = apr_pstrcat(r->pool, new_cookie, "; HttpOnly",
|
|
|
6953a2 |
+ NULL);
|
|
|
6953a2 |
+ }
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
|
|
|
6953a2 |
apr_table_addn(r->err_headers_out,
|
|
|
6953a2 |
(dcfg->style == CT_COOKIE2 ? "Set-Cookie2" : "Set-Cookie"),
|
|
|
6953a2 |
@@ -269,6 +287,7 @@ static void *make_cookie_dir(apr_pool_t *p, char *d)
|
|
|
6953a2 |
dcfg->cookie_domain = NULL;
|
|
|
6953a2 |
dcfg->style = CT_UNSET;
|
|
|
6953a2 |
dcfg->enabled = 0;
|
|
|
6953a2 |
+ /* calloc'ed to disabled: samesite, is_secure, is_httponly */
|
|
|
6953a2 |
|
|
|
6953a2 |
/* In case the user does not use the CookieName directive,
|
|
|
6953a2 |
* we need to compile the regexp for the default cookie name. */
|
|
|
6953a2 |
@@ -429,6 +448,31 @@ static const char *set_cookie_style(cmd_parms *cmd, void *mconfig,
|
|
|
6953a2 |
return NULL;
|
|
|
6953a2 |
}
|
|
|
6953a2 |
|
|
|
6953a2 |
+/*
|
|
|
6953a2 |
+ * SameSite enabled disabled
|
|
|
6953a2 |
+ */
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+static const char *set_samesite_value(cmd_parms *cmd, void *mconfig,
|
|
|
6953a2 |
+ const char *name)
|
|
|
6953a2 |
+{
|
|
|
6953a2 |
+ cookie_dir_rec *dcfg;
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+ dcfg = (cookie_dir_rec *) mconfig;
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+ if (strcasecmp(name, "strict") == 0) {
|
|
|
6953a2 |
+ dcfg->samesite = "SameSite=Strict";
|
|
|
6953a2 |
+ } else if (strcasecmp(name, "lax") == 0) {
|
|
|
6953a2 |
+ dcfg->samesite = "SameSite=Lax";
|
|
|
6953a2 |
+ } else if (strcasecmp(name, "none") == 0) {
|
|
|
6953a2 |
+ dcfg->samesite = "SameSite=None";
|
|
|
6953a2 |
+ } else {
|
|
|
6953a2 |
+ return "CookieSameSite accepts 'Strict', 'Lax', or 'None'";
|
|
|
6953a2 |
+ }
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+
|
|
|
6953a2 |
+ return NULL;
|
|
|
6953a2 |
+}
|
|
|
6953a2 |
+
|
|
|
6953a2 |
static const command_rec cookie_log_cmds[] = {
|
|
|
6953a2 |
AP_INIT_TAKE1("CookieExpires", set_cookie_exp, NULL, OR_FILEINFO,
|
|
|
6953a2 |
"an expiry date code"),
|
|
|
6953a2 |
@@ -440,6 +484,17 @@ static const command_rec cookie_log_cmds[] = {
|
|
|
6953a2 |
"whether or not to enable cookies"),
|
|
|
6953a2 |
AP_INIT_TAKE1("CookieName", set_cookie_name, NULL, OR_FILEINFO,
|
|
|
6953a2 |
"name of the tracking cookie"),
|
|
|
6953a2 |
+ AP_INIT_FLAG("CookieTracking", set_cookie_enable, NULL, OR_FILEINFO,
|
|
|
6953a2 |
+ "whether or not to enable cookies"),
|
|
|
6953a2 |
+ AP_INIT_TAKE1("CookieSameSite", set_samesite_value, NULL, OR_FILEINFO,
|
|
|
6953a2 |
+ "SameSite setting"),
|
|
|
6953a2 |
+ AP_INIT_FLAG("CookieSecure", ap_set_flag_slot,
|
|
|
6953a2 |
+ (void *)APR_OFFSETOF(cookie_dir_rec, is_secure), OR_FILEINFO,
|
|
|
6953a2 |
+ "is cookie secure"),
|
|
|
6953a2 |
+ AP_INIT_FLAG("CookieHttpOnly", ap_set_flag_slot,
|
|
|
6953a2 |
+ (void *)APR_OFFSETOF(cookie_dir_rec, is_httponly),OR_FILEINFO,
|
|
|
6953a2 |
+ "is cookie http only"),
|
|
|
6953a2 |
+
|
|
|
6953a2 |
{NULL}
|
|
|
6953a2 |
};
|
|
|
6953a2 |
|