added samesite option

This commit is contained in:
pavelbannov 2023-06-01 19:02:21 +03:00
parent e047263ea7
commit f4983243f9
2 changed files with 21 additions and 2 deletions

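--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -296,7 +296,8 @@
 "book-training-email": "training@onlyoffice.com",
 "documentation-email": "documentation@onlyoffice.com",
 "max-upload-size": 5242880,
-"zendesk-key": ""
+"zendesk-key": "",
+"samesite": ""
 },
 "ConnectionStrings": {
 "default": {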


@ -29,6 +29,7 @@ using ASC.Core.Data;
using Microsoft.Net.Http.Headers; using Microsoft.Net.Http.Headers;
using Constants = ASC.Core.Users.Constants; using Constants = ASC.Core.Users.Constants;
using SameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode;
namespace ASC.Web.Core; namespace ASC.Web.Core;
@ -52,6 +53,7 @@ public class CookiesManager
private readonly CoreBaseSettings _coreBaseSettings; private readonly CoreBaseSettings _coreBaseSettings;
private readonly DbLoginEventsManager _dbLoginEventsManager; private readonly DbLoginEventsManager _dbLoginEventsManager;
private readonly MessageService _messageService; private readonly MessageService _messageService;
private readonly SameSiteMode? _sameSiteMode;
public CookiesManager( public CookiesManager(
IHttpContextAccessor httpContextAccessor, IHttpContextAccessor httpContextAccessor,
@ -61,7 +63,8 @@ public class CookiesManager
TenantManager tenantManager, TenantManager tenantManager,
CoreBaseSettings coreBaseSettings, CoreBaseSettings coreBaseSettings,
DbLoginEventsManager dbLoginEventsManager, DbLoginEventsManager dbLoginEventsManager,
MessageService messageService) MessageService messageService,
IConfiguration configuration)
{ {
_httpContextAccessor = httpContextAccessor; _httpContextAccessor = httpContextAccessor;
_userManager = userManager; _userManager = userManager;
@ -71,6 +74,11 @@ public class CookiesManager
_coreBaseSettings = coreBaseSettings; _coreBaseSettings = coreBaseSettings;
_dbLoginEventsManager = dbLoginEventsManager; _dbLoginEventsManager = dbLoginEventsManager;
_messageService = messageService; _messageService = messageService;
if (Enum.TryParse<SameSiteMode>(configuration["web:samesite"], out var sameSiteMode))
{
_sameSiteMode = sameSiteMode;
}
} }
public void SetCookies(CookiesType type, string value, bool session = false) public void SetCookies(CookiesType type, string value, bool session = false)
@ -89,10 +97,20 @@ public class CookiesManager
{ {
options.HttpOnly = true; options.HttpOnly = true;
if (_sameSiteMode.HasValue && _sameSiteMode.Value != SameSiteMode.None)
{
options.SameSite = _sameSiteMode.Value;
}
var urlRewriter = _httpContextAccessor.HttpContext.Request.Url(); var urlRewriter = _httpContextAccessor.HttpContext.Request.Url();
if (urlRewriter.Scheme == "https") if (urlRewriter.Scheme == "https")
{ {
options.Secure = true; options.Secure = true;
if (_sameSiteMode.HasValue && _sameSiteMode.Value == SameSiteMode.None)
{
options.SameSite = _sameSiteMode.Value;
}
} }
if (FromCors()) if (FromCors())
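Review bot: `Enum.TryParse<SameSiteMode>` in the constructor hunk (`@ -71,6 +74,11`) accepts any integer string and is case-sensitive, so a `web:samesite` value such as "7" is parsed as an undefined mode that SetCookies later writes into `options.SameSite`, while a value like "lax" is silently ignored and leaves `_sameSiteMode` unset. Tighten the guard to `if (Enum.TryParse<SameSiteMode>(configuration["web:samesite"], ignoreCase: true, out var sameSiteMode) && Enum.IsDefined(typeof(SameSiteMode), sameSiteMode))` so only a real member is stored. In the SetCookies hunk (`@ -89,10 +97,20`) the two separate `_sameSiteMode` checks read as duplication without a why-comment; I would add above the first one `// SameSite=None is only honoured by browsers when the cookie is also Secure, so None is applied in the https branch below and every other mode unconditionally`. SetCookies continues past the end of the hunk, and whether the `FromCors()` branch that follows overrides `options.SameSite` cannot be seen from here.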