From f34a1cfeefc7915fb12f05c74d3a8a60f60388fa Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Wed, 15 Jan 2020 17:58:53 +0100 Subject: [PATCH 8/9] add value of OIDC_SET_COOKIE_APPEND env var to Set-Cookie headers - useful for handling changing/upcoming SameSite behaviors across different browsers, e.g.: SetEnvIf User-Agent ".*IOS.*" OIDC_SET_COOKIE_APPEND=SameSite=None - bump to 2.4.1rc4 Signed-off-by: Hans Zandbelt (cherry picked from commit a326dbe843a755124ecee883db52dcdc26284c26) --- ChangeLog | 5 +++++ src/util.c | 27 +++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6f28a3c..b3ed8f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +01/15/2020 +- add value of OIDC_SET_COOKIE_APPEND env var to Set-Cookie headers + useful for handling changing/upcoming SameSite behaviors across different browsers, e.g.: + SetEnvIf User-Agent ".*IOS.*" OIDC_SET_COOKIE_APPEND=SameSite=None + 3/10/2016 - release 1.8.8 diff --git a/src/util.c b/src/util.c index b687cb6..472d0cd 100644 --- a/src/util.c +++ b/src/util.c @@ -676,6 +676,27 @@ static char *oidc_util_get_cookie_path(request_rec *r) { return (rv); } +#define OIDC_SET_COOKIE_APPEND_ENV_VAR "OIDC_SET_COOKIE_APPEND" + +const char *oidc_util_set_cookie_append_value(request_rec *r, oidc_cfg *c) { + const char *env_var_value = NULL; + + if (r->subprocess_env != NULL) + env_var_value = apr_table_get(r->subprocess_env, + OIDC_SET_COOKIE_APPEND_ENV_VAR); + + if (env_var_value == NULL) { + oidc_debug(r, "no cookie append environment variable %s found", + OIDC_SET_COOKIE_APPEND_ENV_VAR); + return NULL; + } + + oidc_debug(r, "cookie append environment variable %s=%s found", + OIDC_SET_COOKIE_APPEND_ENV_VAR, env_var_value); + + return env_var_value; +} + /* * set a cookie in the HTTP response headers */ @@ -685,6 +706,7 @@ void oidc_util_set_cookie(request_rec *r, const char *cookieName, oidc_cfg *c = ap_get_module_config(r->server->module_config, &auth_openidc_module); char *headerString, *currentCookies, *expiresString = NULL; + const char *appendString = NULL; /* see if we need to clear the cookie */ if (apr_strnatcmp(cookieValue, "") == 0) @@ -710,6 +732,11 @@ void oidc_util_set_cookie(request_rec *r, const char *cookieName, ";Secure" : ""), c->cookie_http_only != FALSE ? ";HttpOnly" : ""); + appendString = oidc_util_set_cookie_append_value(r, c); + if (appendString != NULL) + headerString = apr_psprintf(r->pool, "%s; %s", headerString, + appendString); + /* sanity check on overall cookie value size */ if (strlen(headerString) > 4093) { oidc_warn(r, -- 2.26.2