root: set samesite for csrf cookie
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
1ee603403e
commit
ed84fe0b8d
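--- a/<django-settings-file: path not shown on page>
+++ b/<django-settings-file: path not shown on page>
@@ -75,6 +75,7 @@ AUTH_USER_MODEL = "authentik_core.User"
 _cookie_suffix = "_debug" if DEBUG else ""
 CSRF_COOKIE_NAME = "authentik_csrf"
+CSRF_COOKIE_SAMESITE = None
 LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}"
 SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}"
 SESSION_COOKIE_DOMAIN = CONFIG.y("cookie_domain", None)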
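Review bot: `CSRF_COOKIE_SAMESITE = None` omits the SameSite attribute rather than setting it, which is the opposite of what the commit title suggests: Django only writes the attribute when the value is truthy, so the CSRF cookie is left to each browser's default (modern browsers treat a missing attribute as Lax). If the intent is to let the cookie travel on cross-site requests, the value has to be the string `"None"`, and browsers then also require the Secure flag, i.e. `CSRF_COOKIE_SECURE = True` next to it; if the default behaviour is what was wanted, the line is effectively a no-op. Either way the setting deserves a comment stating which outcome is intended, e.g. `# SameSite attribute intentionally omitted; browsers fall back to Lax`, so the next reader does not assume this enables cross-site use.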
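--- a/<typescript-api-config-file: path not shown on page>
+++ b/<typescript-api-config-file: path not shown on page>
@@ -50,13 +50,27 @@ export function tenant(): Promise<CurrentTenant> {
 return globalTenantPromise;
 }
 
+let csrfToken = getCookie("authentik_csrf");
+
+export class CSRFUpdaterMiddleware implements Middleware {
+post?(context: ResponseContext): Promise<Response | void> {
+const newCsrf = getCookie("authentik_csrf");
+if (newCsrf !== csrfToken) {
+console.log("authentik/api: rotated CSRF token");
+csrfToken = newCsrf;
+}
+return Promise.resolve(context.response);
+}
+}
+
 export const DEFAULT_CONFIG = new Configuration({
 basePath: process.env.AK_API_BASE_PATH + "/api/v3",
 headers: {
-"X-CSRFToken": getCookie("authentik_csrf"),
+"X-CSRFToken": csrfToken,
 "sentry-trace": getMetaContent("sentry-trace") || "",
 },
 middleware: [
+new CSRFUpdaterMiddleware(),
 new APIMiddleware(),
 new MessageMiddleware(),
 new LoggingMiddleware(),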
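Review bot: The rotation tracked in `CSRFUpdaterMiddleware.post` never reaches the header that is actually sent: `"X-CSRFToken": csrfToken` inside `DEFAULT_CONFIG.headers` copies the string once at module load, and later assignments to the module-level `csrfToken` do not touch that object, so every request after a rotation still carries the stale token (the replaced `getCookie(...)` expression had the same one-shot problem, so the net effect of the change is the log line). The token has to be injected per request; assuming the generated runtime's `Middleware` also exposes the usual `pre(context: RequestContext)` hook, reading the cookie there and writing it into `context.init.headers` does that, after which the `post` hook can go. Separately, `csrfToken` is whatever `getCookie` returns when the cookie is absent, which may be `undefined` landing in a `string`-typed header map; worth confirming. `tenant()` begins before this hunk and the `DEFAULT_CONFIG` literal continues past it.
```typescript
export class CSRFUpdaterMiddleware implements Middleware {
    // Read the cookie on every request so a rotated token reaches the header
    // that is sent, rather than the value captured in DEFAULT_CONFIG at load.
    pre?(context: RequestContext): Promise<FetchParams | void> {
        const current = getCookie("authentik_csrf");
        if (current !== csrfToken) {
            console.log("authentik/api: rotated CSRF token");
            csrfToken = current;
        }
        context.init.headers = { ...(context.init.headers as Record<string, string>), "X-CSRFToken": csrfToken };
        return Promise.resolve(context);
    }
    // … unchanged: post() hook can be dropped once pre() owns the header …
}
```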