Skip to content

feat: add config parameter to redeclare same site cookie setup #38458

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
micbar merged 2 commits into from
Mar 4, 2021
Merged

feat: add config parameter to redeclare same site cookie setup #38458

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2625377
feat: add config parameter to redeclare same site cookie setup
DeepDiver1975 Mar 2, 2021
ed9ab61
Update config/config.sample.php
mmattel Mar 4, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions changelog/unreleased/38458
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
Enhancement: Add config parameter 'http.cookie.samesite'

Allows to relax ownClouds same site cookie settings.
Possible values: Strict, Lax or None
Setting the same site cookie to none is necessary in case of OpenID Connect.

https://github.com/owncloud/core/pull/38458
11 changes: 11 additions & 0 deletions config/config.sample.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,17 @@
*/
'csrf.disabled' => false,

/**
* Define how to relax same site cookie settings
*
* Possible values: Strict, Lax or None
* Setting the same site cookie to None is necessary in case of OpenID Connect.
* For more information about the impact of the values see:
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#values
*/

'http.cookie.samesite' => 'strict',

/**
* Define the directory where the skeleton files are located
* These files will be copied to the data directory of new users.
Expand Down
11 changes: 4 additions & 7 deletions lib/private/Session/CryptoWrapper.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,20 +47,17 @@
* @package OC\Session
*/
class CryptoWrapper {
const COOKIE_NAME = 'oc_sessionPassphrase';
public const COOKIE_NAME = 'oc_sessionPassphrase';

/** @var ISession */
protected $session;

/** @var \OCP\Security\ICrypto */
/** @var ICrypto */
protected $crypto;

/** @var ISecureRandom */
protected $random;

/** @var IConfig */
private $config;

/** @var string */
private $passphrase;

Expand All @@ -75,7 +72,6 @@ public function __construct(IConfig $config,
ISecureRandom $random,
IRequest $request) {
$this->crypto = $crypto;
$this->config = $config;
$this->random = $random;

if ($request->getCookie(self::COOKIE_NAME) !== null) {
Expand All @@ -93,13 +89,14 @@ public function __construct(IConfig $config,
if (\version_compare(PHP_VERSION, '7.3.0') === -1) {
\setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true);
} else {
$samesite = $config->getSystemValue('http.cookie.samesite', 'strict');
$options = [
"expires" => 0,
"path" => $webRoot,
"domain" => '',
"secure" => $secureCookie,
"httponly" => true,
"samesite" => 'strict'
"samesite" => $samesite
];

\setcookie(self::COOKIE_NAME, $this->passphrase, $options);
Expand Down