Merge pull request #252 from mattmoyer/fix-csrf-cookie-same-site
Switch CSRF cookie from `SameSite=Strict` to `SameSite=Lax`.
commit
7b088d611d
@ -225,7 +225,7 @@ func addCSRFSetCookieHeader(w http.ResponseWriter, csrfValue csrftoken.CSRFToken
|
|||||||
Name: oidc.CSRFCookieName,
|
Name: oidc.CSRFCookieName,
|
||||||
Value: encodedCSRFValue,
|
Value: encodedCSRFValue,
|
||||||
HttpOnly: true,
|
HttpOnly: true,
|
||||||
SameSite: http.SameSiteStrictMode,
|
SameSite: http.SameSiteLaxMode,
|
||||||
Secure: true,
|
Secure: true,
|
||||||
Path: "/",
|
Path: "/",
|
||||||
})
|
})
|
||||||
|
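Review bot: With `SameSite: http.SameSiteLaxMode` on the `__Host-pinniped-csrf` cookie, browsers will now attach it on cross-site top-level GET navigations, so the cookie attribute alone no longer keeps a cross-site request from carrying the token; the callback that consumes it must still compare the cookie value against the CSRF token carried in the OIDC `state` parameter (that handler is outside this hunk, so I am assuming it does). The switch is presumably needed because the upstream IdP's redirect back to the callback is exactly such a navigation, and Strict would drop the cookie there; that reasoning is worth recording next to the field so nobody "hardens" it back to Strict: `// Lax, not Strict: the upstream IdP redirects back to our callback via a cross-site top-level navigation, which Strict would strip the cookie from.` and `// CSRF protection comes from matching this value against the state param, not from SameSite alone.` The `__Host-` prefix requires `Secure`, `Path=/` and no `Domain`, which the surrounding fields satisfy. addCSRFSetCookieHeader starts outside this hunk.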
@ -751,7 +751,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
|
|||||||
if test.wantCSRFValueInCookieHeader != "" {
|
if test.wantCSRFValueInCookieHeader != "" {
|
||||||
require.Len(t, rsp.Header().Values("Set-Cookie"), 1)
|
require.Len(t, rsp.Header().Values("Set-Cookie"), 1)
|
||||||
actualCookie := rsp.Header().Get("Set-Cookie")
|
actualCookie := rsp.Header().Get("Set-Cookie")
|
||||||
regex := regexp.MustCompile("__Host-pinniped-csrf=([^;]+); Path=/; HttpOnly; Secure; SameSite=Strict")
|
regex := regexp.MustCompile("__Host-pinniped-csrf=([^;]+); Path=/; HttpOnly; Secure; SameSite=Lax")
|
||||||
submatches := regex.FindStringSubmatch(actualCookie)
|
submatches := regex.FindStringSubmatch(actualCookie)
|
||||||
require.Len(t, submatches, 2)
|
require.Len(t, submatches, 2)
|
||||||
captured := submatches[1]
|
captured := submatches[1]
|
||||||
|
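Review bot: The updated regex on the `regexp.MustCompile` line is unanchored, so it would still pass if `Set-Cookie` gained extra text before the name or additional attributes after `SameSite=Lax` (for example a future `Partitioned` attribute, which Go's cookie serialization emits after `SameSite`), which is precisely the kind of drift a `__Host-` cookie test should catch. Anchoring it pins the full attribute set: `regex := regexp.MustCompile("^__Host-pinniped-csrf=([^;]+); Path=/; HttpOnly; Secure; SameSite=Lax$")`. TestAuthorizationEndpoint starts and ends outside this hunk.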