Commit
14478bf7
authored
Feb 18, 2018
by
ale
Fix login server origin, and prevent cookie duplication
parent
4b7b71ae
Changes
2
src/mod_sso/mod_sso.c
...
...
@@ -398,10 +398,11 @@ static int mod_sso_method_handler(request_rec *r) {
ap_log_error
(
APLOG_MARK
,
APLOG_DEBUG
,
0
,
r
->
server
,
"sso: logout?
\"
%s
\"
\"
%s
\"
"
,
sso_logout_path
,
uri
);
if
(
!
strcmp
(
uri
,
sso_logout_path
))
{
char
*
login_server_origin
=
apr_pstrcat
(
r
->
pool
,
"https://"
,
s_cfg
->
login_server
,
NULL
);
modsso_del_cookie
(
r
,
sso_cookie_name
,
service_path
);
apr_table_setn
(
r
->
headers_out
,
"Access-Control-Allow-Origin"
,
s_cfg
->
login_server
);
apr_table_setn
(
r
->
headers_out
,
"Access-Control-Allow-Credentials"
,
"true"
);
apr_table_setn
(
r
->
headers_out
,
"Cache-Control"
,
"no-cache"
);
apr_table_setn
(
r
->
err_
headers_out
,
"Access-Control-Allow-Origin"
,
login_server
_origin
);
apr_table_setn
(
r
->
err_
headers_out
,
"Access-Control-Allow-Credentials"
,
"true"
);
apr_table_setn
(
r
->
err_
headers_out
,
"Cache-Control"
,
"no-cache"
);
return
http_sendstring
(
r
,
"OK"
);
}
...
...
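Review bot: The origin is built by prefixing `"https://"` to `s_cfg->login_server` with no check on the configured value, so a setting that already carries a scheme, a path or a trailing slash produces an `Access-Control-Allow-Origin` that never matches the browser's `Origin`, and the credentialed logout call then fails silently. Because this header is paired with `Access-Control-Allow-Credentials: true`, it is worth validating login_server as a bare `host[:port]` when the directive is parsed, or at least documenting it at the apr_pstrcat call with `/* login_server must be host[:port] only; browsers compare origins exactly */`. For a response that expires the session cookie, `Cache-Control: no-store` would be a stricter choice than `no-cache`. The branch also deletes the cookie for any request whose URI equals sso_logout_path; whether the request method is restricted is decided outside this hunk, since mod_sso_method_handler starts and ends beyond it.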
src/mod_sso/sso_utils.c
...
...
@@ -219,7 +219,6 @@ void modsso_set_cookie(request_rec *r, const char *cookie_name,
const
char
*
rfc2109
;
rfc2109
=
apr_pstrcat
(
r
->
pool
,
cookie_name
,
"="
,
value
,
";Path="
,
path
,
";HttpOnly;Secure;Version=1"
,
NULL
);
apr_table_addn
(
r
->
headers_out
,
"Set-Cookie"
,
rfc2109
);
apr_table_addn
(
r
->
err_headers_out
,
"Set-Cookie"
,
rfc2109
);
}
...
...
@@ -228,7 +227,6 @@ void modsso_del_cookie(request_rec *r, const char *cookie_name, const char *path
const
char
*
rfc2109
;
rfc2109
=
apr_pstrcat
(
r
->
pool
,
cookie_name
,
"=;Path="
,
path
,
";Version=1;Expires=Thu, 01 Jan 1970 00:00:00 GMT"
,
NULL
);
apr_table_addn
(
r
->
headers_out
,
"Set-Cookie"
,
rfc2109
);
apr_table_addn
(
r
->
err_headers_out
,
"Set-Cookie"
,
rfc2109
);
}
...
...
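Review bot: The expiry cookie built in modsso_del_cookie omits the `HttpOnly;Secure` attributes that modsso_set_cookie puts on the cookie it replaces; keeping the two strings parallel, e.g. `"=;Path=", path, ";HttpOnly;Secure;Version=1;Expires=Thu, 01 Jan 1970 00:00:00 GMT"`, avoids the deletion being handled differently from the original cookie. Both functions concatenate cookie_name, value and path into the header unescaped, so a comment such as `/* callers must pass values free of ';', CR and LF */` would document the contract; the callers, apart from the one modsso_del_cookie call in mod_sso.c, are not on this page. This rendering has lost the +/- markers, so it does not show which of the two apr_table_addn lines each function keeps. The logout branch in mod_sso.c appears to have moved its headers to err_headers_out, and the cookie helpers presumably need the same table for the Set-Cookie to go out on the same responses, which is worth confirming against the raw diff.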