mod_auth_mellon/0007-avoid-always-set-SameSite-cookie.patch

70 lines
2.3 KiB
Diff

From b9d87e0deb528817689f1648999a95645b1b19ad Mon Sep 17 00:00:00 2001
From: Keita SUZUKI <keita@osstech.co.jp>
Date: Mon, 20 Jan 2020 11:03:14 +0900
Subject: [PATCH] avoid always set SameSite cookie
---
auth_mellon.h | 5 +++++
auth_mellon_cookie.c | 22 ++++++++++++++++------
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/auth_mellon.h b/auth_mellon.h
index 5f5a20b..8bb8023 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -96,6 +96,11 @@ typedef enum {
} am_diag_flags_t;
#endif
+
+/* Disable SameSite Environment Value */
+#define AM_DISABLE_SAMESITE_ENV_VAR "MELLON_DISABLE_SAMESITE"
+
+
/* This is the length of the id we use (for session IDs and
* replaying POST data).
*/
diff --git a/auth_mellon_cookie.c b/auth_mellon_cookie.c
index b2c8535..55f77a5 100644
--- a/auth_mellon_cookie.c
+++ b/auth_mellon_cookie.c
@@ -59,6 +59,7 @@ static const char *am_cookie_params(request_rec *r)
const char *cookie_domain = ap_get_server_name(r);
const char *cookie_path = "/";
const char *cookie_samesite = "";
+ const char *env_var_value = NULL;
am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
if (cfg->cookie_domain) {
@@ -69,12 +70,21 @@ static const char *am_cookie_params(request_rec *r)
cookie_path = cfg->cookie_path;
}
- if (cfg->cookie_samesite == am_samesite_lax) {
- cookie_samesite = "; SameSite=Lax";
- } else if (cfg->cookie_samesite == am_samesite_strict) {
- cookie_samesite = "; SameSite=Strict";
- } else if (cfg->cookie_samesite == am_samesite_none) {
- cookie_samesite = "; SameSite=None";
+ if (r->subprocess_env != NULL){
+ env_var_value = apr_table_get(r->subprocess_env,
+ AM_DISABLE_SAMESITE_ENV_VAR);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+ "%s : %s", AM_DISABLE_SAMESITE_ENV_VAR, env_var_value);
+ }
+
+ if (env_var_value == NULL){
+ if (cfg->cookie_samesite == am_samesite_lax) {
+ cookie_samesite = "; SameSite=Lax";
+ } else if (cfg->cookie_samesite == am_samesite_strict) {
+ cookie_samesite = "; SameSite=Strict";
+ } else if (cfg->cookie_samesite == am_samesite_none) {
+ cookie_samesite = "; SameSite=None";
+ }
}
secure_cookie = cfg->secure;
--
2.21.0