Blob Blame History Raw
From d2f6572e93446d611fc66cf68d0b71cd13366d55 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Thu, 30 Jul 2020 10:10:04 +0200
Subject: [PATCH 18/19] add note on usage of OIDC_SET_COOKIE_APPEND in the
 sample config/doc

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
(cherry picked from commit bcbdd1993e7449446cb34df696826bd8bc9d2977)
---
 auth_openidc.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/auth_openidc.conf b/auth_openidc.conf
index 4012df3..ce2fba7 100644
--- a/auth_openidc.conf
+++ b/auth_openidc.conf
@@ -431,6 +431,12 @@
 #   state cookie: Lax
 #   session cookie: first time set Lax, updates (e.g. after inactivity timeout) Strict
 #   x_csrf discovery: Strict:
+#
+# The default `SameSite=None` cookie appendix on `Set-Cookie` response headers can be 
+# conditionally overridden using an environment variable in the Apache config as in:
+#   SetEnvIf User-Agent ".*IOS.*" OIDC_SET_COOKIE_APPEND=;
+# (since version 2.4.1)
+#
 # When not defined the default is Off.
 #OIDCCookieSameSite [On|Off]
 
-- 
2.26.2