github/lidarr
1
0
Fork 0
mirror of https://github.com/lidarr/lidarr.git synced 2025-08-20 05:23:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fixed: Set SameSite=Strict for SonarrAuth cookie

Browse source 
Closes #2060

(cherry picked from commit 675c72f02e7565a937b40c23ec27df6d86f95dc3)
This commit is contained in:
Mark McDowall 2021-03-07 15:10:56 -08:00 committed by Qstick
commit 9c83e20b88
2 changed files with 39 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/Lidarr.Http/Authentication/EnableAuthInNancy.cs
View file

@ -6,7 +6,6 @@ using Nancy;
using Nancy.Authentication.Basic; using Nancy.Authentication.Basic;
using Nancy.Authentication.Forms; using Nancy.Authentication.Forms;
using Nancy.Bootstrapper; using Nancy.Bootstrapper;
using Nancy.Cookies;
using Nancy.Cryptography; using Nancy.Cryptography;
using NzbDrone.Common.EnvironmentInfo; using NzbDrone.Common.EnvironmentInfo;
using NzbDrone.Common.Extensions; using NzbDrone.Common.Extensions;
@ -118,7 +117,7 @@ namespace Lidarr.Http.Authentication
if (FormsAuthentication.DecryptAndValidateAuthenticationCookie(formsAuthCookieValue, _formsAuthConfig).IsNotNullOrWhiteSpace()) if (FormsAuthentication.DecryptAndValidateAuthenticationCookie(formsAuthCookieValue, _formsAuthConfig).IsNotNullOrWhiteSpace())
{ {
var formsAuthCookie = new NancyCookie(formsAuthCookieName, formsAuthCookieValue, true, false, DateTime.UtcNow.AddDays(7)) var formsAuthCookie = new LidarrNancyCookie(formsAuthCookieName, formsAuthCookieValue, true, false, DateTime.UtcNow.AddDays(7))
{ {
Path = GetCookiePath() Path = GetCookiePath()
}; };

38
src/Lidarr.Http/Authentication/LidarrNancyCookie.cs Normal file
View file

@ -0,0 +1,38 @@
using System;
using Nancy.Cookies;
namespace Lidarr.Http.Authentication
{
public class LidarrNancyCookie : NancyCookie
{
public LidarrNancyCookie(string name, string value)
: base(name, value)
{
}
public LidarrNancyCookie(string name, string value, DateTime expires)
: base(name, value, expires)
{
}
public LidarrNancyCookie(string name, string value, bool httpOnly)
: base(name, value, httpOnly)
{
}
public LidarrNancyCookie(string name, string value, bool httpOnly, bool secure)
: base(name, value, httpOnly, secure)
{
}
public LidarrNancyCookie(string name, string value, bool httpOnly, bool secure, DateTime? expires)
: base(name, value, httpOnly, secure, expires)
{
}
public override string ToString()
{
return base.ToString() + "; SameSite=Strict";
}
}
}