Allow setting cookie SameSite #537

This commit is contained in:
the-djmaze 2022-09-30 16:51:03 +02:00
parent fff3e5c9ce
commit 69ae65b4bb
5 changed files with 36 additions and 29 deletions

View file

@ -666,7 +666,7 @@ class ActionsAdmin extends Actions
private function setAdminAuthToken(string $sToken) : void
{
Utils::SetCookie(static::$AUTH_ADMIN_TOKEN_KEY, $sToken, 0);
Utils::SetCookie(static::$AUTH_ADMIN_TOKEN_KEY, $sToken);
}
private function getAdminToken() : string

View file

@ -80,7 +80,10 @@ abstract class Api
$sSslCapath = static::Config()->Get('ssl', 'capath', '');
Utils::$CookieDefaultPath = static::Config()->Get('labs', 'cookie_default_path', '');
Utils::$CookieDefaultSecure = !!static::Config()->Get('labs', 'cookie_default_secure', false);
Utils::$CookieSameSite = static::Config()->Get('security', 'cookie_samesite', 'Strict');
Utils::$CookieSecure = isset($_SERVER['HTTPS'])
|| 'None' == Utils::$CookieSameSite
|| !!static::Config()->Get('labs', 'cookie_default_secure', false);
if (!empty($sSslCafile) || !empty($sSslCapath))
{

View file

@ -181,7 +181,8 @@ class Application extends \RainLoop\Config\AbstractConfig
'admin_panel_key' => array('admin'),
'content_security_policy' => array(''),
'csp_report' => array(false),
'encrypt_cipher' => array($sCipher)
'encrypt_cipher' => array($sCipher),
'cookie_samesite' => array('Strict', 'Strict, Lax or None')
),
'admin_panel' => array(

View file

@ -634,12 +634,14 @@ class ServiceActions
$this->oHttp->ServerNoCache();
$sTo = \trim($_GET['to'] ?? '');
if (!empty($sTo) && \preg_match('/^mailto:/i', $sTo)) {
Utils::SetCookie(Actions::AUTH_MAILTO_TOKEN_KEY,
Utils::SetCookie(
Actions::AUTH_MAILTO_TOKEN_KEY,
Utils::EncodeKeyValuesQ(array(
'Time' => \microtime(true),
'MailTo' => 'MailTo',
'To' => $sTo
)), 0);
))
);
}
$this->oActions->Location('./');
return '';

View file

@ -4,15 +4,11 @@ namespace RainLoop;
class Utils
{
/**
* @var string
*/
static $CookieDefaultPath = '';
/**
* @var bool|null
*/
static $CookieDefaultSecure = null;
static $CookieSecure = null;
static $CookieSameSite = 'Strict';
const
/**
@ -119,7 +115,26 @@ class Utils
: null;
}
public static function SetCookie(string $sName, string $sValue = '', int $iExpire = 0, bool $bHttpOnly = true)
private static function _SetCookie(string $sName, string $sValue, int $iExpire)
{
$sPath = static::$CookieDefaultPath;
$sPath = $sPath && \strlen($sPath) ? $sPath : '/';
/*
if (\strlen($sValue) > 4000 - \strlen($sPath . $sName)) {
throw new \Exception("Cookie '{$sName}' value too long");
}
*/
\setcookie($sName, $sValue, array(
'expires' => $iExpire,
'path' => $sPath,
// 'domain' => null,
'secure' => static::$CookieSecure,
'httponly' => true,
'samesite' => static::$CookieSameSite
));
}
public static function SetCookie(string $sName, string $sValue = '', int $iExpire = 0)
{
$sPath = static::$CookieDefaultPath;
$sPath = $sPath && \strlen($sPath) ? $sPath : '/';
@ -133,14 +148,7 @@ class Utils
}
*/
foreach (\str_split($sValue, $iMaxSize) as $i => $sPart) {
\setcookie($i ? "{$sName}~{$i}" : $sName, $sPart, array(
'expires' => $iExpire,
'path' => $sPath,
// 'domain' => $sDomain,
'secure' => isset($_SERVER['HTTPS']) || static::$CookieDefaultSecure,
'httponly' => $bHttpOnly,
'samesite' => 'Strict'
));
static::_SetCookie($i ? "{$sName}~{$i}" : $sName, $sPart, $iExpire);
}
}
@ -151,14 +159,7 @@ class Utils
foreach (\array_keys($_COOKIE) as $sCookieName) {
if (\strtok($sCookieName, '~') === $sName) {
unset($_COOKIE[$sCookieName]);
\setcookie($sCookieName, '', array(
'expires' => \time() - 3600 * 24 * 30,
'path' => $sPath && \strlen($sPath) ? $sPath : '/',
// 'domain' => null,
'secure' => isset($_SERVER['HTTPS']) || static::$CookieDefaultSecure,
'httponly' => true,
'samesite' => 'Strict'
));
static::_SetCookie($sCookieName, '', \time() - 3600 * 24 * 30);
}
}
}