Use SameSiteLaxMode

Melon 2024-02-15 14:44:58 +00:00
parent 96dbac5274
commit 2590e3f4e7
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
3 changed files with 9 additions and 7 deletions


@ -25,10 +25,12 @@ func addIdTokenSupport(srv *server.Server, db *database.DB, key mjwt.Signer) {
}
// IdTokenClaims contains the JWT claims for an access token
type IdTokenClaims struct{}
type IdTokenClaims struct {
Subject string `json:"subject"`
}
func (a IdTokenClaims) Valid() error { return nil }
func (a IdTokenClaims) Type() string { return "access-token" }
func (a IdTokenClaims) Type() string { return "id-token" }
func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) {
tx, err := us.Begin()
@ -41,7 +43,7 @@ func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (tok
}
tx.Rollback()
token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), IdTokenClaims{})
token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Sub})
return
}
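Review bot: The doc comment `// IdTokenClaims contains the JWT claims for an access token` is stale on the new side, because Type() now returns "id-token"; it should read `// IdTokenClaims contains the JWT claims for an ID token.` and the new field deserves a line of its own, e.g. `Subject string `json:"subject"` // user subject; see note on GenerateJwt below`. The first argument to key.GenerateJwt already receives user.Sub and looks like the standard sub claim, so the Subject field presumably repeats the same value inside the custom claims — a one-sentence comment saying why consumers need both would save the next reader from wondering whether one of them can be dropped. A smaller pre-existing point in the same section: `tx.Rollback()` discards its error, which is usually fine for a read-only transaction but is worth a `_ =` with a comment so linters and readers know it is deliberate. The first hunk opens inside addIdTokenSupport, whose body lies outside the hunk, and generateIDToken spans both hunks.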


@ -56,7 +56,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
Path: "/",
MaxAge: -1,
Secure: true,
SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteLaxMode,
})
http.Redirect(rw, req, (&url.URL{
Path: "/login",
@ -82,7 +82,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
Expires: future,
MaxAge: int(future.Sub(now).Seconds()),
Secure: true,
SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteLaxMode,
})
// save state for use later
@ -161,7 +161,7 @@ func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, userId string) b
Path: "/",
Expires: time.Now().AddDate(0, 3, 0),
Secure: true,
SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteLaxMode,
})
return false
}
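Review bot: The three cookies in loginPost and setLoginDataCookie switch from SameSiteStrictMode to SameSiteLaxMode without a comment explaining why, and the same change is made to the cookie cleared in NewHttpServer in the third file; the cookie set in setLoginDataCookie lives three months (`Expires: time.Now().AddDate(0, 3, 0)`), so under Lax it will now accompany top-level cross-site GET navigations into the site, which is only safe while no GET route changes state on the strength of that cookie. Presumably the motivation is that Strict cookies are withheld on the top-level redirect back into the site from an external page, which breaks the login flow — that reasoning should be recorded once, e.g. `SameSite: http.SameSiteLaxMode, // Lax, not Strict: must survive the top-level redirect back into the site; keep GET handlers side-effect free`. Since the literal now appears in four cookie declarations, a single package-level constant such as `const cookieSameSite = http.SameSiteLaxMode` would keep the policy in one place and stop the four from drifting apart again. The hunks do not show whether `HttpOnly: true` is set on these cookies; worth confirming for the long-lived login-data cookie. Both loginPost and setLoginDataCookie extend outside the hunks shown.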


@ -143,7 +143,7 @@ func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Ser
Path: "/",
MaxAge: -1,
Secure: true,
SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteLaxMode,
})
http.Redirect(rw, req, "/", http.StatusFound)