mirror of
https://github.com/kataras/iris.git
synced 2025-03-15 04:06:25 +01:00
Fix/Disable session subdomain persistence on 127.0.0.1 and 0.0.0.0
This commit is contained in:
parent
386201f73a
commit
a5db711207
|
@ -72,9 +72,9 @@ type (
|
||||||
// Default 2 hours
|
// Default 2 hours
|
||||||
GcDuration time.Duration
|
GcDuration time.Duration
|
||||||
|
|
||||||
// DisableSubdomainPersistance set it to dissallow your iris subdomains to have access to the session cookie
|
// DisableSubdomainPersistence set it to dissallow your iris subdomains to have access to the session cookie
|
||||||
// defaults to false
|
// defaults to false
|
||||||
DisableSubdomainPersistance bool
|
DisableSubdomainPersistence bool
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ func DefaultSessions() Sessions {
|
||||||
Cookie: DefaultCookieName,
|
Cookie: DefaultCookieName,
|
||||||
Expires: CookieExpireNever,
|
Expires: CookieExpireNever,
|
||||||
GcDuration: DefaultSessionGcDuration,
|
GcDuration: DefaultSessionGcDuration,
|
||||||
DisableSubdomainPersistance: false,
|
DisableSubdomainPersistence: false,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -92,13 +92,18 @@ func (m *Manager) Start(ctx context.IContext) store.IStore {
|
||||||
cookie.SetKey(m.config.Cookie)
|
cookie.SetKey(m.config.Cookie)
|
||||||
cookie.SetValue(base64.URLEncoding.EncodeToString([]byte(sid)))
|
cookie.SetValue(base64.URLEncoding.EncodeToString([]byte(sid)))
|
||||||
cookie.SetPath("/")
|
cookie.SetPath("/")
|
||||||
if !m.config.DisableSubdomainPersistance {
|
if !m.config.DisableSubdomainPersistence {
|
||||||
requestDomain := ctx.HostString()
|
requestDomain := ctx.HostString()
|
||||||
// there is a problem with .localhost setted as the domain, so we check that first
|
if portIdx := strings.IndexByte(requestDomain, ':'); portIdx > 0 {
|
||||||
if strings.Count(requestDomain, ".") > 0 {
|
requestDomain = requestDomain[0:portIdx]
|
||||||
if portIdx := strings.IndexByte(requestDomain, ':'); portIdx > 0 {
|
}
|
||||||
requestDomain = requestDomain[0:portIdx]
|
if requestDomain == "0.0.0.0" || requestDomain == "127.0.0.1" {
|
||||||
}
|
// for these type of hosts, we can't allow subdomains persistance,
|
||||||
|
// the web browser doesn't understand the mysubdomain.0.0.0.0 and mysubdomain.127.0.0.1 as scorrectly ubdomains because of the many dots
|
||||||
|
cookie.SetDomain(requestDomain)
|
||||||
|
|
||||||
|
} else if strings.Count(requestDomain, ".") > 0 { // there is a problem with .localhost setted as the domain, so we check that first
|
||||||
|
|
||||||
// RFC2109, we allow level 1 subdomains, but no further
|
// RFC2109, we allow level 1 subdomains, but no further
|
||||||
// if we have localhost.com , we want the localhost.com.
|
// if we have localhost.com , we want the localhost.com.
|
||||||
// so if we have something like: mysubdomain.localhost.com we want the localhost here
|
// so if we have something like: mysubdomain.localhost.com we want the localhost here
|
||||||
|
@ -117,6 +122,7 @@ func (m *Manager) Start(ctx context.IContext) store.IStore {
|
||||||
requestDomain = strings.Replace(requestDomain, requestDomain[0:subdomainSuff], s, 1) // set to localhost.com || mysubdomain.localhost.com
|
requestDomain = strings.Replace(requestDomain, requestDomain[0:subdomainSuff], s, 1) // set to localhost.com || mysubdomain.localhost.com
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
println(requestDomain)
|
||||||
// finally set the .localhost.com (for(1-level) || .mysubdomain.localhost.com (for 2-level subdomain allow)
|
// finally set the .localhost.com (for(1-level) || .mysubdomain.localhost.com (for 2-level subdomain allow)
|
||||||
cookie.SetDomain("." + requestDomain) // . to allow persistance
|
cookie.SetDomain("." + requestDomain) // . to allow persistance
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user