portal:auth: samesite=None in dev mode

This commit is contained in:
axolotle 2023-11-30 14:04:13 +01:00
parent 246c513796
commit 3f320a2358


@ -9,6 +9,7 @@ import base64
import os import os
import hashlib import hashlib
import glob import glob
from pathlib import Path
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding from cryptography.hazmat.primitives import padding
@ -127,13 +128,16 @@ class Authenticator(BaseAuthenticator):
infos["id"] = short_hash(infos['user']) + random_ascii(20) infos["id"] = short_hash(infos['user']) + random_ascii(20)
infos["host"] = request.get_header("host") infos["host"] = request.get_header("host")
is_dev = Path("/etc/yunohost/.portal-api-allowed-cors-origins").exists()
response.set_cookie( response.set_cookie(
"yunohost.portal", "yunohost.portal",
jwt.encode(infos, SESSION_SECRET, algorithm="HS256"), jwt.encode(infos, SESSION_SECRET, algorithm="HS256"),
secure=True, secure=True,
httponly=True, httponly=True,
path="/", path="/",
samesite="strict", # Doesn't this cause issues ? May cause issue if the portal is on different subdomain than the portal API ? Will surely cause issue for development similar to CORS ? # Doesn't this cause issues ? May cause issue if the portal is on different subdomain than the portal API ? Will surely cause issue for development similar to CORS ?
samesite="strict" if not is_dev else None,
) )
# Create the session file (expiration mechanism) # Create the session file (expiration mechanism)