From 0bd084eb058361517b64a2c10a46c332adc9aeea Mon Sep 17 00:00:00 2001
From: Hans Zandbelt
Date: Wed, 15 Jan 2020 17:58:53 +0100
Subject: [PATCH 14/19] add value of OIDC_SET_COOKIE_APPEND env var to Set-Cookie headers
- useful for handling changing/upcoming SameSite behaviors across different browsers, e.g.: SetEnvIf User-Agent ".*IOS.*" OIDC_SET_COOKIE_APPEND=SameSite=None
- bump to 2.4.1rc4
Signed-off-by: Hans Zandbelt
(cherry picked from commit a326dbe843a755124ecee883db52dcdc26284c26)
---
 ChangeLog | 5 +++++
 src/util.c | 27 +++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index dfe4bd6..fc7c5ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+01/15/2020
+- add value of OIDC_SET_COOKIE_APPEND env var to Set-Cookie headers
+ useful for handling changing/upcoming SameSite behaviors across different browsers, e.g.:
+ SetEnvIf User-Agent ".*IOS.*" OIDC_SET_COOKIE_APPEND=SameSite=None
+
 08/04/2018
 - don't return content with 503 since it will turn the HTTP status code into a 200; see #331
diff --git a/src/util.c b/src/util.c
index 67b2fc3..993718e 100644
--- a/src/util.c
+++ b/src/util.c
@@ -914,6 +914,27 @@ static char *oidc_util_get_cookie_path(request_rec *r) {
 #define OIDC_COOKIE_MAX_SIZE 4093
+#define OIDC_SET_COOKIE_APPEND_ENV_VAR "OIDC_SET_COOKIE_APPEND"
+
+const char *oidc_util_set_cookie_append_value(request_rec *r, oidc_cfg *c) {
+ const char *env_var_value = NULL;
+
+ if (r->subprocess_env != NULL)
+ env_var_value = apr_table_get(r->subprocess_env,
+ OIDC_SET_COOKIE_APPEND_ENV_VAR);
+
+ if (env_var_value == NULL) {
+ oidc_debug(r, "no cookie append environment variable %s found",
+ OIDC_SET_COOKIE_APPEND_ENV_VAR);
+ return NULL;
+ }
+
+ oidc_debug(r, "cookie append environment variable %s=%s found",
+ OIDC_SET_COOKIE_APPEND_ENV_VAR, env_var_value);
+
+ return env_var_value;
+}
+
 /*
 * set a cookie in the HTTP response headers
 */
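Review bot: The value returned by oidc_util_set_cookie_append_value() is later copied into the Set-Cookie header as-is, and nothing in the new function checks it for CR/LF or other control characters. The variable is normally set by the administrator through SetEnvIf, but if a deployment ever derives it from request data this becomes a header-injection path, so a guard before the final return would be cheap: `if (strpbrk(env_var_value, "\r\n") != NULL) return NULL;`, ideally with an oidc_warn. The function also never uses its `c` parameter and gets no prototype in this patch; unless a header outside the diff declares it, it could be `static` like oidc_util_get_cookie_path named in the hunk header.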
@@ -923,6 +944,7 @@ void oidc_util_set_cookie(request_rec *r, const char *cookieName,
 oidc_cfg *c = ap_get_module_config(r->server->module_config, &auth_openidc_module);
 char *headerString, *expiresString = NULL;
+ const char *appendString = NULL;
 /* see if we need to clear the cookie */
 if (apr_strnatcmp(cookieValue, "") == 0)
@@ -961,6 +983,11 @@ void oidc_util_set_cookie(request_rec *r, const char *cookieName,
 if (ext != NULL) headerString = apr_psprintf(r->pool, "%s; %s", headerString, ext);
+ appendString = oidc_util_set_cookie_append_value(r, c);
+ if (appendString != NULL)
+ headerString = apr_psprintf(r->pool, "%s; %s", headerString,
+ appendString);
+
 /* sanity check on overall cookie value size */
 if (strlen(headerString) > OIDC_COOKIE_MAX_SIZE) {
 oidc_warn(r,
--
2.26.2
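Review bot: The append in the last hunk (`@@ -961,6 +983,11 @@`) adds the attribute to every cookie this function writes, after `ext`, without looking at what the header already carries. If `ext` already holds a SameSite attribute (not visible here), the response would carry two conflicting SameSite values. Browsers that enforce the newer behaviour also reject `SameSite=None` on a cookie that is not marked `Secure`, and whether Secure is set is decided outside this hunk. I would document that above the call, e.g. `/* appended verbatim after ext; SameSite=None needs Secure and should be scoped by User-Agent, since it lets the cookie travel on cross-site requests */`. oidc_util_set_cookie starts and ends outside the hunk.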