djpbessems/lucidAuth
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Babysteps towards cross-domain-cookies-in-iframes

Browse Source
This commit is contained in:
Danny Bessems
2019-03-13 09:59:12 +00:00
parent 0a5384f6a8
commit a20f13ab7c
3 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
public/lucidAuth.setXDomainCookie.php
View File

@@ -3,8 +3,7 @@
include_once('../include/lucidAuth.functions.php');
// Start with checking $_REQUEST['ref']
// Start with checking $_REQUEST['ref']
// What do we need?
// token again?
@@ -16,6 +15,24 @@
// let the client setup multiple iframes for all domains other than origin domains
// this requires passing an array of domains to the client in asynchronous reply; which feels insecure
if (!empty($_REQUEST['ref'])) {
try {
$queryString = json_decode(base64_decode($_REQUEST['ref']), JSON_OBJECT_AS_ARRAY);
}
catch (Exception $e) {
// Silently fail, unless explicitly specified otherwise
if ($settings->Debug['Verbose']) throw new Exception($e);
exit;
}
switch ($queryString['action']) {
case 'login':
break;
default:
break;
}
}
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['bare'],