From fb5ad7bf997946df4472cb94d7875ee70281d59c Mon Sep 17 00:00:00 2001
From: Anthony Critelli <acritelli@datto.com>
Date: Tue, 7 Jan 2020 11:14:24 -0500
Subject: [PATCH] Add none option for samesite
---
README.md | 7 +++++--
auth_mellon.h | 3 ++-
auth_mellon_config.c | 2 ++
auth_mellon_cookie.c | 4 +++-
auth_mellon_diagnostics.c | 1 +
5 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index be374bc..82a88fc 100644
--- a/README.md
+++ b/README.md
@@ -218,8 +218,11 @@ MellonDiagnosticsEnable Off
# MellonCookieSameSite allows control over the SameSite value used
# for the authentication cookie.
- # The setting accepts values of "Strict" or "Lax"
- # If not set, the SameSite attribute is not set on the cookie.
+ # The setting accepts values of "Strict", "Lax", or "None".
+ # When using none, you should set "MellonSecureCookie On" to prevent
+ # compatibility issues with newer browsers.
+ # If not set, the SameSite attribute is not set on the cookie. In newer
+ # browsers, this may cause SameSite to default to "Lax"
# Default: not set
# MellonCookieSameSite lax
diff --git a/auth_mellon.h b/auth_mellon.h
index 9ef2d8a..5f5a20b 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -164,7 +164,8 @@ typedef enum {
typedef enum {
am_samesite_default,
am_samesite_lax,
- am_samesite_strict
+ am_samesite_strict,
+ am_samesite_none,
} am_samesite_t;
typedef enum {
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 7932e2d..f1a9d12 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -583,6 +583,8 @@ static const char *am_set_samesite_slot(cmd_parms *cmd,
d->cookie_samesite = am_samesite_lax;
} else if(!strcasecmp(arg, "strict")) {
d->cookie_samesite = am_samesite_strict;
+ } else if(!strcasecmp(arg, "none")) {
+ d->cookie_samesite = am_samesite_none;
} else {
return "The MellonCookieSameSite parameter must be 'lax' or 'strict'";
}
diff --git a/auth_mellon_cookie.c b/auth_mellon_cookie.c
index 8394c18..b2c8535 100644
--- a/auth_mellon_cookie.c
+++ b/auth_mellon_cookie.c
@@ -1,7 +1,7 @@
/*
*
* auth_mellon_cookie.c: an authentication apache module
- * Copyright © 2003-2007 UNINETT (http://www.uninett.no/)
+ * Copyright © 2003-2007 UNINETT (http://www.uninett.no/)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -73,6 +73,8 @@ static const char *am_cookie_params(request_rec *r)
cookie_samesite = "; SameSite=Lax";
} else if (cfg->cookie_samesite == am_samesite_strict) {
cookie_samesite = "; SameSite=Strict";
+ } else if (cfg->cookie_samesite == am_samesite_none) {
+ cookie_samesite = "; SameSite=None";
}
secure_cookie = cfg->secure;
diff --git a/auth_mellon_diagnostics.c b/auth_mellon_diagnostics.c
index 792e894..912814b 100644
--- a/auth_mellon_diagnostics.c
+++ b/auth_mellon_diagnostics.c
@@ -214,6 +214,7 @@ am_diag_samesite_str(request_rec *r, am_samesite_t samesite)
case am_samesite_default: return "default";
case am_samesite_lax: return "lax";
case am_samesite_strict: return "strict";
+ case am_samesite_none: return "none";
default:
return apr_psprintf(r->pool, "unknown (%d)", samesite);
}
--
2.21.0