96 lines
3.4 KiB
Diff
96 lines
3.4 KiB
Diff
From fb5ad7bf997946df4472cb94d7875ee70281d59c Mon Sep 17 00:00:00 2001
|
||
From: Anthony Critelli <acritelli@datto.com>
|
||
Date: Tue, 7 Jan 2020 11:14:24 -0500
|
||
Subject: [PATCH] Add none option for samesite
|
||
|
||
---
|
||
README.md | 7 +++++--
|
||
auth_mellon.h | 3 ++-
|
||
auth_mellon_config.c | 2 ++
|
||
auth_mellon_cookie.c | 4 +++-
|
||
auth_mellon_diagnostics.c | 1 +
|
||
5 files changed, 13 insertions(+), 4 deletions(-)
|
||
|
||
diff --git a/README.md b/README.md
|
||
index be374bc..82a88fc 100644
|
||
--- a/README.md
|
||
+++ b/README.md
|
||
@@ -218,8 +218,11 @@ MellonDiagnosticsEnable Off
|
||
|
||
# MellonCookieSameSite allows control over the SameSite value used
|
||
# for the authentication cookie.
|
||
- # The setting accepts values of "Strict" or "Lax"
|
||
- # If not set, the SameSite attribute is not set on the cookie.
|
||
+ # The setting accepts values of "Strict", "Lax", or "None".
|
||
+ # When using none, you should set "MellonSecureCookie On" to prevent
|
||
+ # compatibility issues with newer browsers.
|
||
+ # If not set, the SameSite attribute is not set on the cookie. In newer
|
||
+ # browsers, this may cause SameSite to default to "Lax"
|
||
# Default: not set
|
||
# MellonCookieSameSite lax
|
||
|
||
diff --git a/auth_mellon.h b/auth_mellon.h
|
||
index 9ef2d8a..5f5a20b 100644
|
||
--- a/auth_mellon.h
|
||
+++ b/auth_mellon.h
|
||
@@ -164,7 +164,8 @@ typedef enum {
|
||
typedef enum {
|
||
am_samesite_default,
|
||
am_samesite_lax,
|
||
- am_samesite_strict
|
||
+ am_samesite_strict,
|
||
+ am_samesite_none,
|
||
} am_samesite_t;
|
||
|
||
typedef enum {
|
||
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
|
||
index 7932e2d..f1a9d12 100644
|
||
--- a/auth_mellon_config.c
|
||
+++ b/auth_mellon_config.c
|
||
@@ -583,6 +583,8 @@ static const char *am_set_samesite_slot(cmd_parms *cmd,
|
||
d->cookie_samesite = am_samesite_lax;
|
||
} else if(!strcasecmp(arg, "strict")) {
|
||
d->cookie_samesite = am_samesite_strict;
|
||
+ } else if(!strcasecmp(arg, "none")) {
|
||
+ d->cookie_samesite = am_samesite_none;
|
||
} else {
|
||
return "The MellonCookieSameSite parameter must be 'lax' or 'strict'";
|
||
}
|
||
diff --git a/auth_mellon_cookie.c b/auth_mellon_cookie.c
|
||
index 8394c18..b2c8535 100644
|
||
--- a/auth_mellon_cookie.c
|
||
+++ b/auth_mellon_cookie.c
|
||
@@ -1,7 +1,7 @@
|
||
/*
|
||
*
|
||
* auth_mellon_cookie.c: an authentication apache module
|
||
- * Copyright <20> 2003-2007 UNINETT (http://www.uninett.no/)
|
||
+ * Copyright © 2003-2007 UNINETT (http://www.uninett.no/)
|
||
*
|
||
* This program is free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
@@ -73,6 +73,8 @@ static const char *am_cookie_params(request_rec *r)
|
||
cookie_samesite = "; SameSite=Lax";
|
||
} else if (cfg->cookie_samesite == am_samesite_strict) {
|
||
cookie_samesite = "; SameSite=Strict";
|
||
+ } else if (cfg->cookie_samesite == am_samesite_none) {
|
||
+ cookie_samesite = "; SameSite=None";
|
||
}
|
||
|
||
secure_cookie = cfg->secure;
|
||
diff --git a/auth_mellon_diagnostics.c b/auth_mellon_diagnostics.c
|
||
index 792e894..912814b 100644
|
||
--- a/auth_mellon_diagnostics.c
|
||
+++ b/auth_mellon_diagnostics.c
|
||
@@ -214,6 +214,7 @@ am_diag_samesite_str(request_rec *r, am_samesite_t samesite)
|
||
case am_samesite_default: return "default";
|
||
case am_samesite_lax: return "lax";
|
||
case am_samesite_strict: return "strict";
|
||
+ case am_samesite_none: return "none";
|
||
default:
|
||
return apr_psprintf(r->pool, "unknown (%d)", samesite);
|
||
}
|
||
--
|
||
2.21.0
|
||
|