mirror
/
Sonarr
mirror of https://github.com/Sonarr/Sonarr
1
0
Fork 0
Code Issues Releases Wiki Activity

Fixed: Set SameSite=Strict for SonarrAuth cookie 

Closes #4365
This commit is contained in:
Mark McDowall 2021-03-07 15:10:56 -08:00
parent 6619350f87
commit 675c72f02e
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Sonarr.Http/Authentication/EnableAuthInNancy.cs
View File

@ -4,7 +4,6 @@ using Nancy;
using Nancy.Authentication.Basic;
using Nancy.Authentication.Forms;
using Nancy.Bootstrapper;
using Nancy.Cookies;
using Nancy.Cryptography;
using NzbDrone.Common.Extensions;
using NzbDrone.Core.Authentication;
@ -120,7 +119,7 @@ namespace Sonarr.Http.Authentication
if (FormsAuthentication.DecryptAndValidateAuthenticationCookie(formsAuthCookieValue, FormsAuthConfig).IsNotNullOrWhiteSpace())
{
var formsAuthCookie = new NancyCookie(formsAuthCookieName, formsAuthCookieValue, true, false, DateTime.UtcNow.AddDays(7))
var formsAuthCookie = new SonarrNancyCookie(formsAuthCookieName, formsAuthCookieValue, true, false, DateTime.UtcNow.AddDays(7))
{
Path = GetCookiePath()
};

33
src/Sonarr.Http/Authentication/SonarrNancyCookie.cs Normal file
View File

@ -0,0 +1,33 @@
using System;
using Nancy.Cookies;
namespace Sonarr.Http.Authentication
{
public class SonarrNancyCookie : NancyCookie
{
public SonarrNancyCookie(string name, string value) : base(name, value)
{
}
public SonarrNancyCookie(string name, string value, DateTime expires) : base(name, value, expires)
{
}
public SonarrNancyCookie(string name, string value, bool httpOnly) : base(name, value, httpOnly)
{
}
public SonarrNancyCookie(string name, string value, bool httpOnly, bool secure) : base(name, value, httpOnly, secure)
{
}
public SonarrNancyCookie(string name, string value, bool httpOnly, bool secure, DateTime? expires) : base(name, value, httpOnly, secure, expires)
{
}
public override string ToString()
{
return base.ToString() + "; SameSite=Strict";
}
}
}