|
 |
4d4f51 |
From b9d87e0deb528817689f1648999a95645b1b19ad Mon Sep 17 00:00:00 2001
|
|
|
4d4f51 |
From: Keita SUZUKI <keita@osstech.co.jp>
|
|
|
4d4f51 |
Date: Mon, 20 Jan 2020 11:03:14 +0900
|
|
|
4d4f51 |
Subject: [PATCH] avoid always set SameSite cookie
|
|
|
4d4f51 |
|
|
|
4d4f51 |
---
|
|
|
4d4f51 |
auth_mellon.h | 5 +++++
|
|
|
4d4f51 |
auth_mellon_cookie.c | 22 ++++++++++++++++------
|
|
|
4d4f51 |
2 files changed, 21 insertions(+), 6 deletions(-)
|
|
|
4d4f51 |
|
|
|
4d4f51 |
diff --git a/auth_mellon.h b/auth_mellon.h
|
|
|
4d4f51 |
index 5f5a20b..8bb8023 100644
|
|
|
4d4f51 |
--- a/auth_mellon.h
|
|
|
4d4f51 |
+++ b/auth_mellon.h
|
|
|
4d4f51 |
@@ -96,6 +96,11 @@ typedef enum {
|
|
|
4d4f51 |
} am_diag_flags_t;
|
|
|
4d4f51 |
#endif
|
|
|
4d4f51 |
|
|
|
4d4f51 |
+
|
|
|
4d4f51 |
+/* Disable SameSite Environment Value */
|
|
|
4d4f51 |
+#define AM_DISABLE_SAMESITE_ENV_VAR "MELLON_DISABLE_SAMESITE"
|
|
|
4d4f51 |
+
|
|
|
4d4f51 |
+
|
|
|
4d4f51 |
/* This is the length of the id we use (for session IDs and
|
|
|
4d4f51 |
* replaying POST data).
|
|
|
4d4f51 |
*/
|
|
|
4d4f51 |
diff --git a/auth_mellon_cookie.c b/auth_mellon_cookie.c
|
|
|
4d4f51 |
index b2c8535..55f77a5 100644
|
|
|
4d4f51 |
--- a/auth_mellon_cookie.c
|
|
|
4d4f51 |
+++ b/auth_mellon_cookie.c
|
|
|
4d4f51 |
@@ -59,6 +59,7 @@ static const char *am_cookie_params(request_rec *r)
|
|
|
4d4f51 |
const char *cookie_domain = ap_get_server_name(r);
|
|
|
4d4f51 |
const char *cookie_path = "/";
|
|
|
4d4f51 |
const char *cookie_samesite = "";
|
|
|
4d4f51 |
+ const char *env_var_value = NULL;
|
|
|
4d4f51 |
am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
|
|
|
4d4f51 |
|
|
|
4d4f51 |
if (cfg->cookie_domain) {
|
|
|
4d4f51 |
@@ -69,12 +70,21 @@ static const char *am_cookie_params(request_rec *r)
|
|
|
4d4f51 |
cookie_path = cfg->cookie_path;
|
|
|
4d4f51 |
}
|
|
|
4d4f51 |
|
|
|
4d4f51 |
- if (cfg->cookie_samesite == am_samesite_lax) {
|
|
|
4d4f51 |
- cookie_samesite = "; SameSite=Lax";
|
|
|
4d4f51 |
- } else if (cfg->cookie_samesite == am_samesite_strict) {
|
|
|
4d4f51 |
- cookie_samesite = "; SameSite=Strict";
|
|
|
4d4f51 |
- } else if (cfg->cookie_samesite == am_samesite_none) {
|
|
|
4d4f51 |
- cookie_samesite = "; SameSite=None";
|
|
|
4d4f51 |
+ if (r->subprocess_env != NULL){
|
|
|
4d4f51 |
+ env_var_value = apr_table_get(r->subprocess_env,
|
|
|
4d4f51 |
+ AM_DISABLE_SAMESITE_ENV_VAR);
|
|
|
4d4f51 |
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
|
|
|
4d4f51 |
+ "%s : %s", AM_DISABLE_SAMESITE_ENV_VAR, env_var_value);
|
|
|
4d4f51 |
+ }
|
|
|
4d4f51 |
+
|
|
|
4d4f51 |
+ if (env_var_value == NULL){
|
|
|
4d4f51 |
+ if (cfg->cookie_samesite == am_samesite_lax) {
|
|
|
4d4f51 |
+ cookie_samesite = "; SameSite=Lax";
|
|
|
4d4f51 |
+ } else if (cfg->cookie_samesite == am_samesite_strict) {
|
|
|
4d4f51 |
+ cookie_samesite = "; SameSite=Strict";
|
|
|
4d4f51 |
+ } else if (cfg->cookie_samesite == am_samesite_none) {
|
|
|
4d4f51 |
+ cookie_samesite = "; SameSite=None";
|
|
|
4d4f51 |
+ }
|
|
|
4d4f51 |
}
|
|
|
4d4f51 |
|
|
|
4d4f51 |
secure_cookie = cfg->secure;
|
|
|
4d4f51 |
--
|
|
|
4d4f51 |
2.21.0
|
|
|
4d4f51 |
|