[2.1] CookieChunkingManager needs to flow the Secure attribute… (#17953)
This commit is contained in:
parent
164ddfd48b
commit
8211a1c313
|
|
@ -50,4 +50,10 @@ Later on, this will be checked using this condition:
|
||||||
Microsoft.AspNetCore.SignalR.Core;
|
Microsoft.AspNetCore.SignalR.Core;
|
||||||
</PackagesInPatch>
|
</PackagesInPatch>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition=" '$(VersionPrefix)' == '2.1.16' ">
|
||||||
|
<PackagesInPatch>
|
||||||
|
Microsoft.AspNetCore.Authentication.Cookies;
|
||||||
|
Microsoft.AspNetCore.Mvc.Core;
|
||||||
|
</PackagesInPatch>
|
||||||
|
</PropertyGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|
|
||||||
|
|
@ -45,7 +45,7 @@ namespace OpenIdConnectSample
|
||||||
|
|
||||||
private void CheckSameSite(HttpContext httpContext, CookieOptions options)
|
private void CheckSameSite(HttpContext httpContext, CookieOptions options)
|
||||||
{
|
{
|
||||||
if (options.SameSite > (SameSiteMode)(-1))
|
if (options.SameSite == SameSiteMode.None)
|
||||||
{
|
{
|
||||||
var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
|
var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
|
||||||
// TODO: Use your User Agent library of choice here.
|
// TODO: Use your User Agent library of choice here.
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
// Copyright (c) .NET Foundation. All rights reserved.
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
|
|
@ -190,7 +190,7 @@ namespace Microsoft.AspNetCore.Authentication.WsFederation
|
||||||
response.EnsureSuccessStatusCode();
|
response.EnsureSuccessStatusCode();
|
||||||
|
|
||||||
var cookie = response.Headers.GetValues(HeaderNames.SetCookie).Single();
|
var cookie = response.Headers.GetValues(HeaderNames.SetCookie).Single();
|
||||||
Assert.Equal(".AspNetCore.Cookies=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax", cookie);
|
Assert.Equal(".AspNetCore.Cookies=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax; httponly", cookie);
|
||||||
Assert.Equal("OnRemoteSignOut", response.Headers.GetValues("EventHeader").Single());
|
Assert.Equal("OnRemoteSignOut", response.Headers.GetValues("EventHeader").Single());
|
||||||
Assert.Equal("", await response.Content.ReadAsStringAsync());
|
Assert.Equal("", await response.Content.ReadAsStringAsync());
|
||||||
}
|
}
|
||||||
|
|
@ -440,4 +440,4 @@ namespace Microsoft.AspNetCore.Authentication.WsFederation
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,29 @@ namespace Microsoft.AspNetCore.Internal
|
||||||
Assert.Equal("TestCookie=" + testString + "; path=/; samesite=lax", values[0]);
|
Assert.Equal("TestCookie=" + testString + "; path=/; samesite=lax", values[0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void AppendLargeCookie_WithOptions_Appended()
|
||||||
|
{
|
||||||
|
HttpContext context = new DefaultHttpContext();
|
||||||
|
var now = DateTimeOffset.UtcNow;
|
||||||
|
var options = new CookieOptions
|
||||||
|
{
|
||||||
|
Domain = "foo.com",
|
||||||
|
HttpOnly = true,
|
||||||
|
SameSite = SameSiteMode.Strict,
|
||||||
|
Path = "/bar",
|
||||||
|
Secure = true,
|
||||||
|
Expires = now.AddMinutes(5),
|
||||||
|
MaxAge = TimeSpan.FromMinutes(5)
|
||||||
|
};
|
||||||
|
var testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||||
|
new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, options);
|
||||||
|
|
||||||
|
var values = context.Response.Headers["Set-Cookie"];
|
||||||
|
Assert.Single(values);
|
||||||
|
Assert.Equal($"TestCookie={testString}; expires={now.AddMinutes(5).ToString("R")}; max-age=300; domain=foo.com; path=/bar; secure; samesite=strict; httponly", values[0]);
|
||||||
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public void AppendLargeCookieWithLimit_Chunked()
|
public void AppendLargeCookieWithLimit_Chunked()
|
||||||
{
|
{
|
||||||
|
|
@ -112,19 +135,19 @@ namespace Microsoft.AspNetCore.Internal
|
||||||
HttpContext context = new DefaultHttpContext();
|
HttpContext context = new DefaultHttpContext();
|
||||||
context.Request.Headers.Append("Cookie", "TestCookie=chunks-7");
|
context.Request.Headers.Append("Cookie", "TestCookie=chunks-7");
|
||||||
|
|
||||||
new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" });
|
new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com", Secure = true });
|
||||||
var cookies = context.Response.Headers["Set-Cookie"];
|
var cookies = context.Response.Headers["Set-Cookie"];
|
||||||
Assert.Equal(8, cookies.Count);
|
Assert.Equal(8, cookies.Count);
|
||||||
Assert.Equal(new[]
|
Assert.Equal(new[]
|
||||||
{
|
{
|
||||||
"TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
|
"TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
|
||||||
"TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
|
"TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
|
||||||
"TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
|
"TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
|
||||||
"TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
|
"TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
|
||||||
"TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
|
"TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
|
||||||
"TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
|
"TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
|
||||||
"TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
|
"TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
|
||||||
"TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
|
"TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure; samesite=lax",
|
||||||
}, cookies);
|
}, cookies);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -169,6 +169,7 @@ namespace Microsoft.AspNetCore.Internal
|
||||||
HttpOnly = options.HttpOnly,
|
HttpOnly = options.HttpOnly,
|
||||||
Path = options.Path,
|
Path = options.Path,
|
||||||
Secure = options.Secure,
|
Secure = options.Secure,
|
||||||
|
MaxAge = options.MaxAge,
|
||||||
};
|
};
|
||||||
|
|
||||||
var templateLength = template.ToString().Length;
|
var templateLength = template.ToString().Length;
|
||||||
|
|
@ -285,8 +286,10 @@ namespace Microsoft.AspNetCore.Internal
|
||||||
Path = options.Path,
|
Path = options.Path,
|
||||||
Domain = options.Domain,
|
Domain = options.Domain,
|
||||||
SameSite = options.SameSite,
|
SameSite = options.SameSite,
|
||||||
|
Secure = options.Secure,
|
||||||
IsEssential = options.IsEssential,
|
IsEssential = options.IsEssential,
|
||||||
Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
|
Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
|
||||||
|
HttpOnly = options.HttpOnly,
|
||||||
});
|
});
|
||||||
|
|
||||||
for (int i = 1; i <= chunks; i++)
|
for (int i = 1; i <= chunks; i++)
|
||||||
|
|
@ -300,8 +303,10 @@ namespace Microsoft.AspNetCore.Internal
|
||||||
Path = options.Path,
|
Path = options.Path,
|
||||||
Domain = options.Domain,
|
Domain = options.Domain,
|
||||||
SameSite = options.SameSite,
|
SameSite = options.SameSite,
|
||||||
|
Secure = options.Secure,
|
||||||
IsEssential = options.IsEssential,
|
IsEssential = options.IsEssential,
|
||||||
Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
|
Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
|
||||||
|
HttpOnly = options.HttpOnly,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue