trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/proxy: fix redis cookies missing strict path (#7135) 

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2023-10-10 12:17:35 +02:00 committed by GitHub
parent bc595a9724
commit dd7d3bf738
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
internal/outpost/proxyv2/application/session.go
View File

@ -50,6 +50,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
Domain: *p.CookieDomain, Domain: *p.CookieDomain,
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteLaxMode,
MaxAge: maxAge, MaxAge: maxAge,
Path: externalHost.Path,
}) })
a.log.Trace("using redis session backend") a.log.Trace("using redis session backend")
@ -66,11 +67,11 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
// Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk // Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
cs.MaxLength(math.MaxInt) cs.MaxLength(math.MaxInt)
cs.Options.HttpOnly = true cs.Options.HttpOnly = true
if strings.ToLower(externalHost.Scheme) == "https" { cs.Options.Secure = strings.ToLower(externalHost.Scheme) == "https"
cs.Options.Secure = true
}
cs.Options.Domain = *p.CookieDomain cs.Options.Domain = *p.CookieDomain
cs.Options.SameSite = http.SameSiteLaxMode cs.Options.SameSite = http.SameSiteLaxMode
cs.Options.MaxAge = maxAge
cs.Options.Path = externalHost.Path
a.log.WithField("dir", dir).Trace("using filesystem session backend") a.log.WithField("dir", dir).Trace("using filesystem session backend")
return cs return cs
} }