feat(core): add cookie_domain config option
Signed-off-by: Samuel Bizien Filippi <samuel.bizien-filippi@finances.gouv.fr>
parent
c2bf3480e4
commit
a14cade3ac
4 changed files with 26 additions and 10 deletions
|
|
@ -87,6 +87,14 @@ $CONFIG = [
|
|||
'[2001:db8::1]'
|
||||
],
|
||||
|
||||
/**
|
||||
* The validity domain for cookies, for example '' (cookies will be sent only
|
||||
* the domain that defined it, e.g. 'demo.example.org'), 'demo.example.org'
|
||||
* (cookies will be valid for the domain and all subdomains), ...
|
||||
*
|
||||
* Defaults to '' (safe option)
|
||||
*/
|
||||
'cookie_domain' => '',
|
||||
|
||||
/**
|
||||
* Where user files are stored. The SQLite database is also stored here, when
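Review bot: The new doc block for `cookie_domain` does not state the cost of a non-empty value: the cookies this commit touches (session, remember-me and the CryptoWrapper cookie) are then sent to the configured domain and every subdomain, so each host under it receives them. I would add a line such as `* Only set this when every host under the domain is trusted to receive Nextcloud session cookies.` The first example is also missing a word ("sent only the domain") and reuses 'demo.example.org' for both cases; `cookies will be sent only to the host that set them` reads more clearly. The `$CONFIG` array starts and ends outside the hunk.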
|
||||
|
|
|
|||
|
|
@ -393,6 +393,12 @@ class OC {
|
|||
$cookie_path = OC::$WEBROOT ? : '/';
|
||||
ini_set('session.cookie_path', $cookie_path);
|
||||
|
||||
// set the cookie domain to the Nextcloud domain
|
||||
$cookie_domain = self::$config->getValue('cookie_domain', '');
|
||||
if ($cookie_domain) {
|
||||
ini_set('session.cookie_domain', $cookie_domain);
|
||||
}
|
||||
|
||||
// Let the session name be changed in the initSession Hook
|
||||
$sessionName = OC_Util::getInstanceId();
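Review bot: `if ($cookie_domain)` accepts any truthy config value, so a non-string entry or a string that is not a bare domain is passed unchecked to `ini_set('session.cookie_domain', ...)`. A value that does not cover the request host would most likely make the browser discard the session cookie without any server-side trace. I would tighten the guard to `if (is_string($cookie_domain) && $cookie_domain !== '') {`, which also matches the string-typed reads used in the other files of this commit. The comment above it overstates what happens; `// scope the session cookie to the configured cookie_domain (empty keeps it host-only)` describes the branch accurately. The enclosing method starts and ends outside the hunk.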
|
||||
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ class CryptoWrapper {
|
|||
[
|
||||
'expires' => 0,
|
||||
'path' => $webRoot,
|
||||
'domain' => '',
|
||||
'domain' => \OCP\Server::get(\OCP\IConfig::class)->getSystemValueString('cookie_domain'),
|
||||
'secure' => $secureCookie,
|
||||
'httponly' => true,
|
||||
'samesite' => 'Lax',
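Review bot: The `domain` entry resolves `IConfig` through the static `\OCP\Server::get()` locator inside the cookie options array, which hides a dependency of `CryptoWrapper` and makes the cookie scope hard to test in isolation. I would read the value once into a local before building the array, e.g. `$cookieDomain = $config->getSystemValueString('cookie_domain');` with `IConfig` passed in, if the constructor (outside this hunk) allows it. Since this cookie is then sent to every host under the configured domain, a short comment at this line saying so would help the next reader.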
|
||||
|
|
|
|||
|
|
@ -967,6 +967,7 @@ class Session implements IUserSession, Emitter {
|
|||
if ($webRoot === '') {
|
||||
$webRoot = '/';
|
||||
}
|
||||
$domain = $this->config->getSystemValueString('cookie_domain');
|
||||
|
||||
$maxAge = $this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
|
||||
\OC\Http\CookieHelper::setCookie(
|
||||
|
|
@ -974,7 +975,7 @@ class Session implements IUserSession, Emitter {
|
|||
$username,
|
||||
$maxAge,
|
||||
$webRoot,
|
||||
'',
|
||||
$domain,
|
||||
$secureCookie,
|
||||
true,
|
||||
\OC\Http\CookieHelper::SAMESITE_LAX
|
||||
|
|
@ -984,7 +985,7 @@ class Session implements IUserSession, Emitter {
|
|||
$token,
|
||||
$maxAge,
|
||||
$webRoot,
|
||||
'',
|
||||
$domain,
|
||||
$secureCookie,
|
||||
true,
|
||||
\OC\Http\CookieHelper::SAMESITE_LAX
|
||||
|
|
@ -995,7 +996,7 @@ class Session implements IUserSession, Emitter {
|
|||
$this->session->getId(),
|
||||
$maxAge,
|
||||
$webRoot,
|
||||
'',
|
||||
$domain,
|
||||
$secureCookie,
|
||||
true,
|
||||
\OC\Http\CookieHelper::SAMESITE_LAX
|
||||
|
|
@ -1011,18 +1012,19 @@ class Session implements IUserSession, Emitter {
|
|||
public function unsetMagicInCookie() {
|
||||
//TODO: DI for cookies and IRequest
|
||||
$secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
|
||||
$domain = $this->config->getSystemValueString('cookie_domain');
|
||||
|
||||
unset($_COOKIE['nc_username']); //TODO: DI
|
||||
unset($_COOKIE['nc_token']);
|
||||
unset($_COOKIE['nc_session_id']);
|
||||
setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
|
||||
setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
|
||||
setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
|
||||
// old cookies might be stored under /webroot/ instead of /webroot
|
||||
// and Firefox doesn't like it!
|
||||
setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
|
||||
setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
|
||||
setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
|
||||
}
|
||||
|
||||
/**
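Review bot: In `unsetMagicInCookie()` all six expiring `setcookie()` calls now pass `$domain`, so host-only copies of `nc_username`, `nc_token` and `nc_session_id` issued before `cookie_domain` was set (or under a previous value) are most likely no longer expired on logout, because browsers match a deletion on name, path and domain. I would expire both the host-only variant and the domain-scoped one whenever `$domain` is non-empty, which is easiest as a loop over domains, paths and names as sketched below. This relies on browser cookie-matching behaviour rather than on anything visible in the hunk, so it is worth confirming with a logout test after changing the option.

```php
$domain = $this->config->getSystemValueString('cookie_domain');
// … unchanged: unset() of the three $_COOKIE entries …
$expired = $this->timeFactory->getTime() - 3600;
// '' also expires host-only cookies issued before cookie_domain was configured
$domains = $domain === '' ? [''] : ['', $domain];
foreach ($domains as $cookieDomain) {
    // old cookies might be stored under /webroot/ instead of /webroot
    foreach ([OC::$WEBROOT, OC::$WEBROOT . '/'] as $path) {
        foreach (['nc_username', 'nc_token', 'nc_session_id'] as $name) {
            setcookie($name, '', $expired, $path, $cookieDomain, $secureCookie, true);
        }
    }
}
```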
|
||||
|
|
|
|||