set SameSite cookie attribute to lax for CV and NONCE
This enables authentication that isn't embedded into the same site,
e.g. changing host to Okta to log in, then back to the site once authenticated.
SiCoe committed Oct 3, 2023
1 parent 59cdf41 commit 5824dc9
Showing 3 changed files with 57 additions and 19 deletions.
14 changes: 12 additions & 2 deletions authn/github.index.js
Expand Up @@ -161,7 +161,12 @@ function redirect(request, headers, callback) {
}],
"set-cookie" : [{
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', '', { path: '/', expires: new Date(1970, 1, 1, 0, 0, 0, 0) })
"value" : cookie.serialize('TOKEN', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'strict',
secure: true
})
}],
},
};
Expand All @@ -180,7 +185,12 @@ function unauthorized(body, callback) {
}],
"set-cookie" : [{
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', '', { path: '/', expires: new Date(1970, 1, 1, 0, 0, 0, 0) })
"value" : cookie.serialize('TOKEN', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'strict',
secure: true
})
}],
},
};
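Review bot: The `sameSite: 'strict'` and `secure: true` added to the expiring `TOKEN` cookie in redirect() and unauthorized() do not decide whether the browser removes it — a Set-Cookie overwrites an existing cookie only when name, domain and path match — so the clear depends on `path: '/'` matching the path the live TOKEN cookie is issued with (issued outside these hunks, not visible here), and `secure: true` means it only takes effect on an https response. Style: `new Date(1970, 1, 1, 0, 0, 0, 0)` is 1 February 1970 in local time because the month argument is zero-indexed; `expires: new Date(0)` or `maxAge: 0` expresses "expire now" without the date arithmetic. A short comment above the header would spare the next reader the same question: `// clear TOKEN: name/path must match the live cookie for the overwrite to apply`. Both enclosing functions begin outside the hunks shown.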
30 changes: 22 additions & 8 deletions authn/openid.index.js
Expand Up @@ -196,7 +196,9 @@ function mainProcess(event, context, callback) {
"key": "Set-Cookie",
"value" : cookie.serialize('NONCE', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'lax',
secure: true
})
}
],
Expand Down Expand Up @@ -240,21 +242,27 @@ function mainProcess(event, context, callback) {
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'strict',
secure: true
})
},
{
"key": "Set-Cookie",
"value" : cookie.serialize('CV', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'lax',
secure: true
})
},
{
"key": "Set-Cookie",
"value" : cookie.serialize('NONCE', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'lax',
secure: true
})
}
],
Expand Down Expand Up @@ -318,15 +326,17 @@ function redirect(request, headers, callback) {
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'strict',
secure: true
})
},
{
"key": "Set-Cookie",
"value" : cookie.serialize('NONCE', n[1], {
path: '/',
httpOnly: true,
sameSite: 'strict',
sameSite: 'lax',
secure: true
})
}
Expand Down Expand Up @@ -370,14 +380,18 @@ function unauthorized(error, error_description, error_uri, callback) {
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'strict',
secure: true
})
},
{
"key": "Set-Cookie",
"value" : cookie.serialize('NONCE', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'lax',
secure: true
})
}
],
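Review bot: The `NONCE` cookie issued in redirect() (the `n[1]` Set-Cookie) now relies on `sameSite: 'lax'` so the browser still includes it on the cross-site top-level redirect back from the IdP, but it carries no `maxAge`/`expires`, so an abandoned login leaves a live nonce for the rest of the browser session although it is only meaningful for one authorization round-trip; add `maxAge: 600,` beside `httpOnly: true` so a half-finished flow can only be completed within a bounded window. Lax covers only safe-method navigations, so this holds if the IdP returns the code via a GET redirect (response_mode=query); a form_post response would not carry a Lax cookie and would need `sameSite: 'none'`, a caveat worth recording as `// lax, not strict: must accompany the cross-site GET back from the IdP; form_post would require 'none'`. The clearing Set-Cookie headers in mainProcess and unauthorized are unaffected by either point. redirect() and mainProcess() begin outside the hunks shown.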
32 changes: 23 additions & 9 deletions authn/pkce.index.js
Expand Up @@ -195,7 +195,9 @@ function mainProcess(event, context, callback) {
"key": "Set-Cookie",
"value" : cookie.serialize('NONCE', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'lax',
secure: true
})
}
],
Expand Down Expand Up @@ -239,21 +241,27 @@ function mainProcess(event, context, callback) {
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'strict',
secure: true
})
},
{
"key": "Set-Cookie",
"value" : cookie.serialize('CV', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'lax',
secure: true
})
},
{
"key": "Set-Cookie",
"value" : cookie.serialize('NONCE', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'lax',
secure: true
})
}
],
Expand Down Expand Up @@ -332,15 +340,17 @@ function redirect(request, headers, callback) {
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'strict',
secure: true
})
},
{
"key": "Set-Cookie",
"value" : cookie.serialize('NONCE', n[1], {
path: '/',
httpOnly: true,
sameSite: 'strict',
sameSite: 'lax',
secure: true
})
},
Expand All @@ -349,7 +359,7 @@ function redirect(request, headers, callback) {
"value" : cookie.serialize('CV', challenge[0], {
path: '/',
httpOnly: true,
sameSite: 'strict',
sameSite: 'lax',
secure: true
})
}
Expand Down Expand Up @@ -394,14 +404,18 @@ function unauthorized(error, error_description, error_uri, callback) {
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'strict',
secure: true
})
},
{
"key": "Set-Cookie",
"value" : cookie.serialize('NONCE', '', {
path: '/',
expires: new Date(1970, 1, 1, 0, 0, 0, 0)
expires: new Date(1970, 1, 1, 0, 0, 0, 0),
sameSite: 'lax',
secure: true
})
}
],
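Review bot: The `CV` cookie set in redirect() from `challenge[0]` is the PKCE secret the callback needs to redeem the code, and like `NONCE` it is now Lax (required so it rides along on the cross-site GET back from the IdP) but has no `maxAge`, so a verifier from an abandoned login stays live for the whole browser session; add `maxAge: 600,` to both the CV and NONCE Set-Cookie in redirect() so a half-finished flow can only be completed within a bounded window. `httpOnly: true` and `secure: true` are already present and are what keep the verifier out of reach of page scripts and plaintext transport — keep them. Whether `challenge[0]` is the verifier rather than the derived challenge cannot be told from this hunk; a comment naming what is stored, e.g. `// CV holds the PKCE code_verifier; only the derived challenge goes in the authorize URL`, would make that explicit — confirm against the code that builds `challenge`. redirect() begins outside the hunk shown.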
