added samesite option
parent
e047263ea7
commit
f4983243f9
@ -296,7 +296,8 @@
|
|||||||
"book-training-email": "training@onlyoffice.com",
|
"book-training-email": "training@onlyoffice.com",
|
||||||
"documentation-email": "documentation@onlyoffice.com",
|
"documentation-email": "documentation@onlyoffice.com",
|
||||||
"max-upload-size": 5242880,
|
"max-upload-size": 5242880,
|
||||||
"zendesk-key": ""
|
"zendesk-key": "",
|
||||||
|
"samesite": ""
|
||||||
},
|
},
|
||||||
"ConnectionStrings": {
|
"ConnectionStrings": {
|
||||||
"default": {
|
"default": {
|
||||||
|
@ -29,6 +29,7 @@ using ASC.Core.Data;
|
|||||||
using Microsoft.Net.Http.Headers;
|
using Microsoft.Net.Http.Headers;
|
||||||
|
|
||||||
using Constants = ASC.Core.Users.Constants;
|
using Constants = ASC.Core.Users.Constants;
|
||||||
|
using SameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode;
|
||||||
|
|
||||||
namespace ASC.Web.Core;
|
namespace ASC.Web.Core;
|
||||||
|
|
||||||
@ -52,6 +53,7 @@ public class CookiesManager
|
|||||||
private readonly CoreBaseSettings _coreBaseSettings;
|
private readonly CoreBaseSettings _coreBaseSettings;
|
||||||
private readonly DbLoginEventsManager _dbLoginEventsManager;
|
private readonly DbLoginEventsManager _dbLoginEventsManager;
|
||||||
private readonly MessageService _messageService;
|
private readonly MessageService _messageService;
|
||||||
|
private readonly SameSiteMode? _sameSiteMode;
|
||||||
|
|
||||||
public CookiesManager(
|
public CookiesManager(
|
||||||
IHttpContextAccessor httpContextAccessor,
|
IHttpContextAccessor httpContextAccessor,
|
||||||
@ -61,7 +63,8 @@ public class CookiesManager
|
|||||||
TenantManager tenantManager,
|
TenantManager tenantManager,
|
||||||
CoreBaseSettings coreBaseSettings,
|
CoreBaseSettings coreBaseSettings,
|
||||||
DbLoginEventsManager dbLoginEventsManager,
|
DbLoginEventsManager dbLoginEventsManager,
|
||||||
MessageService messageService)
|
MessageService messageService,
|
||||||
|
IConfiguration configuration)
|
||||||
{
|
{
|
||||||
_httpContextAccessor = httpContextAccessor;
|
_httpContextAccessor = httpContextAccessor;
|
||||||
_userManager = userManager;
|
_userManager = userManager;
|
||||||
@ -71,6 +74,11 @@ public class CookiesManager
|
|||||||
_coreBaseSettings = coreBaseSettings;
|
_coreBaseSettings = coreBaseSettings;
|
||||||
_dbLoginEventsManager = dbLoginEventsManager;
|
_dbLoginEventsManager = dbLoginEventsManager;
|
||||||
_messageService = messageService;
|
_messageService = messageService;
|
||||||
|
|
||||||
|
if (Enum.TryParse<SameSiteMode>(configuration["web:samesite"], out var sameSiteMode))
|
||||||
|
{
|
||||||
|
_sameSiteMode = sameSiteMode;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void SetCookies(CookiesType type, string value, bool session = false)
|
public void SetCookies(CookiesType type, string value, bool session = false)
|
||||||
@ -89,10 +97,20 @@ public class CookiesManager
|
|||||||
{
|
{
|
||||||
options.HttpOnly = true;
|
options.HttpOnly = true;
|
||||||
|
|
||||||
|
if (_sameSiteMode.HasValue && _sameSiteMode.Value != SameSiteMode.None)
|
||||||
|
{
|
||||||
|
options.SameSite = _sameSiteMode.Value;
|
||||||
|
}
|
||||||
|
|
||||||
var urlRewriter = _httpContextAccessor.HttpContext.Request.Url();
|
var urlRewriter = _httpContextAccessor.HttpContext.Request.Url();
|
||||||
if (urlRewriter.Scheme == "https")
|
if (urlRewriter.Scheme == "https")
|
||||||
{
|
{
|
||||||
options.Secure = true;
|
options.Secure = true;
|
||||||
|
|
||||||
|
if (_sameSiteMode.HasValue && _sameSiteMode.Value == SameSiteMode.None)
|
||||||
|
{
|
||||||
|
options.SameSite = _sameSiteMode.Value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (FromCors())
|
if (FromCors())
|
||||||
|
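Review bot: `Enum.TryParse<SameSiteMode>(configuration["web:samesite"], out var sameSiteMode)` in the CookiesManager constructor is case-sensitive and also accepts any integer string, so a configured value like `lax` or `strict` is silently dropped (the cookie is then issued without a SameSite attribute, exactly as before this change) while a value like `42` is kept as an undefined enum member and later assigned to `options.SameSite` in SetCookies, where what the cookie serializer emits for it is not visible here. Neither case is reported anywhere — the constructor has no logger among its dependencies — so an operator who mistypes the option would not notice that the intended attribute is missing. Consider `if (Enum.TryParse<SameSiteMode>(configuration["web:samesite"], ignoreCase: true, out var sameSiteMode) && Enum.IsDefined(sameSiteMode))` so only defined modes are kept regardless of casing, and a one-line comment above the two SetCookies branches stating that None is applied only under https because browsers reject SameSite=None without Secure, which is the reason the assignment is split. SetCookies itself begins and ends outside the last hunk.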