root: set samesite for csrf cookie
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
1ee603403e
commit
ed84fe0b8d
|
@ -75,6 +75,7 @@ AUTH_USER_MODEL = "authentik_core.User"
|
|||
|
||||
_cookie_suffix = "_debug" if DEBUG else ""
|
||||
CSRF_COOKIE_NAME = "authentik_csrf"
|
||||
CSRF_COOKIE_SAMESITE = None
|
||||
LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}"
|
||||
SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}"
|
||||
SESSION_COOKIE_DOMAIN = CONFIG.y("cookie_domain", None)
|
||||
|
|
|
@ -50,13 +50,27 @@ export function tenant(): Promise<CurrentTenant> {
|
|||
return globalTenantPromise;
|
||||
}
|
||||
|
||||
let csrfToken = getCookie("authentik_csrf");
|
||||
|
||||
export class CSRFUpdaterMiddleware implements Middleware {
|
||||
post?(context: ResponseContext): Promise<Response | void> {
|
||||
const newCsrf = getCookie("authentik_csrf");
|
||||
if (newCsrf !== csrfToken) {
|
||||
console.log("authentik/api: rotated CSRF token");
|
||||
csrfToken = newCsrf;
|
||||
}
|
||||
return Promise.resolve(context.response);
|
||||
}
|
||||
}
|
||||
|
||||
export const DEFAULT_CONFIG = new Configuration({
|
||||
basePath: process.env.AK_API_BASE_PATH + "/api/v3",
|
||||
headers: {
|
||||
"X-CSRFToken": getCookie("authentik_csrf"),
|
||||
"X-CSRFToken": csrfToken,
|
||||
"sentry-trace": getMetaContent("sentry-trace") || "",
|
||||
},
|
||||
middleware: [
|
||||
new CSRFUpdaterMiddleware(),
|
||||
new APIMiddleware(),
|
||||
new MessageMiddleware(),
|
||||
new LoggingMiddleware(),
|
||||
|
|
Reference in a new issue