56 lines
1.4 KiB
Go
56 lines
1.4 KiB
Go
package cookies
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
|
|
requestutil "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests/util"
|
|
)
|
|
|
|
// GetCookieDomain returns the correct cookie domain given a list of domains
|
|
// by checking the X-Fowarded-Host and host header of an an http request
|
|
func GetCookieDomain(req *http.Request, cookieDomains []string) string {
|
|
host := requestutil.GetRequestHost(req)
|
|
for _, domain := range cookieDomains {
|
|
if strings.HasSuffix(host, domain) {
|
|
return domain
|
|
}
|
|
}
|
|
return ""
|
|
}
|
|
|
|
// Parse a valid http.SameSite value from a user supplied string for use of making cookies.
|
|
func ParseSameSite(v string) http.SameSite {
|
|
switch v {
|
|
case "lax":
|
|
return http.SameSiteLaxMode
|
|
case "strict":
|
|
return http.SameSiteStrictMode
|
|
case "none":
|
|
return http.SameSiteNoneMode
|
|
case "":
|
|
return 0
|
|
default:
|
|
panic(fmt.Sprintf("Invalid value for SameSite: %s", v))
|
|
}
|
|
}
|
|
|
|
// warnInvalidDomain logs a warning if the request host and cookie domain are
|
|
// mismatched.
|
|
func warnInvalidDomain(c *http.Cookie, req *http.Request) {
|
|
if c.Domain == "" {
|
|
return
|
|
}
|
|
|
|
host := requestutil.GetRequestHost(req)
|
|
if h, _, err := net.SplitHostPort(host); err == nil {
|
|
host = h
|
|
}
|
|
if !strings.HasSuffix(host, c.Domain) {
|
|
logger.Errorf("Warning: request host is %q but using configured cookie domain of %q", host, c.Domain)
|
|
}
|
|
}
|