mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-07 22:15:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #252 from mattmoyer/fix-csrf-cookie-same-site

Browse Source 
Switch CSRF cookie from `Same-Site=Strict` to `Same-Site=Lax`.
This commit is contained in:
Matt Moyer
2020-12-03 21:53:24 -06:00
committed by GitHub
parent fa94ebfbd1 f0ebd808d7
commit 7b088d611d
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/oidc/auth/auth_handler.go
View File

@@ -225,7 +225,7 @@ func addCSRFSetCookieHeader(w http.ResponseWriter, csrfValue csrftoken.CSRFToken
Name: oidc.CSRFCookieName,
Value: encodedCSRFValue,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteLaxMode,
Secure: true,
Path: "/",
})

2
internal/oidc/auth/auth_handler_test.go
View File

@@ -751,7 +751,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
if test.wantCSRFValueInCookieHeader != "" {
require.Len(t, rsp.Header().Values("Set-Cookie"), 1)
actualCookie := rsp.Header().Get("Set-Cookie")
regex := regexp.MustCompile("__Host-pinniped-csrf=([^;]+); Path=/; HttpOnly; Secure; SameSite=Strict")
regex := regexp.MustCompile("__Host-pinniped-csrf=([^;]+); Path=/; HttpOnly; Secure; SameSite=Lax")
submatches := regex.FindStringSubmatch(actualCookie)
require.Len(t, submatches, 2)
captured := submatches[1]