|
@@ -60,7 +60,7 @@ func (hs *HTTPServer) OAuthLogin(ctx *m.ReqContext) {
|
|
|
if code == "" {
|
|
if code == "" {
|
|
|
state := GenStateString()
|
|
state := GenStateString()
|
|
|
hashedState := hashStatecode(state, setting.OAuthService.OAuthInfos[name].ClientSecret)
|
|
hashedState := hashStatecode(state, setting.OAuthService.OAuthInfos[name].ClientSecret)
|
|
|
- hs.writeCookie(ctx.Resp, OauthStateCookieName, hashedState, 60)
|
|
|
|
|
|
|
+ hs.writeCookie(ctx.Resp, OauthStateCookieName, hashedState, 60, http.SameSiteLaxMode)
|
|
|
if setting.OAuthService.OAuthInfos[name].HostedDomain == "" {
|
|
if setting.OAuthService.OAuthInfos[name].HostedDomain == "" {
|
|
|
ctx.Redirect(connect.AuthCodeURL(state, oauth2.AccessTypeOnline))
|
|
ctx.Redirect(connect.AuthCodeURL(state, oauth2.AccessTypeOnline))
|
|
|
} else {
|
|
} else {
|
|
@@ -73,7 +73,7 @@ func (hs *HTTPServer) OAuthLogin(ctx *m.ReqContext) {
|
|
|
|
|
|
|
|
// delete cookie
|
|
// delete cookie
|
|
|
ctx.Resp.Header().Del("Set-Cookie")
|
|
ctx.Resp.Header().Del("Set-Cookie")
|
|
|
- hs.deleteCookie(ctx.Resp, OauthStateCookieName)
|
|
|
|
|
|
|
+ hs.deleteCookie(ctx.Resp, OauthStateCookieName, http.SameSiteLaxMode)
|
|
|
|
|
|
|
|
if cookieState == "" {
|
|
if cookieState == "" {
|
|
|
ctx.Handle(500, "login.OAuthLogin(missing saved state)", nil)
|
|
ctx.Handle(500, "login.OAuthLogin(missing saved state)", nil)
|
|
@@ -213,11 +213,11 @@ func (hs *HTTPServer) OAuthLogin(ctx *m.ReqContext) {
|
|
|
ctx.Redirect(setting.AppSubUrl + "/")
|
|
ctx.Redirect(setting.AppSubUrl + "/")
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-func (hs *HTTPServer) deleteCookie(w http.ResponseWriter, name string) {
|
|
|
|
|
- hs.writeCookie(w, name, "", -1)
|
|
|
|
|
|
|
+func (hs *HTTPServer) deleteCookie(w http.ResponseWriter, name string, sameSite http.SameSite) {
|
|
|
|
|
+ hs.writeCookie(w, name, "", -1, sameSite)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-func (hs *HTTPServer) writeCookie(w http.ResponseWriter, name string, value string, maxAge int) {
|
|
|
|
|
|
|
+func (hs *HTTPServer) writeCookie(w http.ResponseWriter, name string, value string, maxAge int, sameSite http.SameSite) {
|
|
|
http.SetCookie(w, &http.Cookie{
|
|
http.SetCookie(w, &http.Cookie{
|
|
|
Name: name,
|
|
Name: name,
|
|
|
MaxAge: maxAge,
|
|
MaxAge: maxAge,
|
|
@@ -225,7 +225,7 @@ func (hs *HTTPServer) writeCookie(w http.ResponseWriter, name string, value stri
|
|
|
HttpOnly: true,
|
|
HttpOnly: true,
|
|
|
Path: setting.AppSubUrl + "/",
|
|
Path: setting.AppSubUrl + "/",
|
|
|
Secure: hs.Cfg.CookieSecure,
|
|
Secure: hs.Cfg.CookieSecure,
|
|
|
- SameSite: hs.Cfg.CookieSameSite,
|
|
|
|
|
|
|
+ SameSite: sameSite,
|
|
|
})
|
|
})
|
|
|
}
|
|
}
|
|
|
|
|
|
Sofia Papagiannaki