Merge branch 'cookie-httponly' into 'master'

Added HttpOnly flag to cookie

See merge request openconnect/ocserv!258
Alan Jowett
2021-02-22 16:25:42 +00:00


@@ -248,7 +248,7 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg, unsig
ret =
cstp_printf(ws,
"Set-Cookie: webvpncontext=%s; Max-Age=%u; Secure\r\n",
"Set-Cookie: webvpncontext=%s; Max-Age=%u; Secure; HttpOnly\r\n",
context, (unsigned)WSCONFIG(ws)->cookie_timeout);
if (ret < 0)
return -1;
@@ -257,7 +257,7 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg, unsig
} else {
ret =
cstp_puts(ws,
"Set-Cookie: webvpncontext=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure\r\n");
"Set-Cookie: webvpncontext=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure; HttpOnly\r\n");
if (ret < 0)
return -1;
}
@@ -1068,7 +1068,7 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg)
ret =
cstp_printf(ws,
"Set-Cookie: webvpncontext=%s; Secure\r\n",
"Set-Cookie: webvpncontext=%s; Secure; HttpOnly\r\n",
context);
if (ret < 0)
goto fail;
@@ -1078,14 +1078,14 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg)
ret =
cstp_printf(ws,
"Set-Cookie: webvpn=%s; Secure\r\n",
"Set-Cookie: webvpn=%s; Secure; HttpOnly\r\n",
str_cookie);
if (ret < 0)
goto fail;
ret =
cstp_puts(ws,
"Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure\r\n");
"Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure; HttpOnly\r\n");
if (ret < 0)
goto fail;
@@ -1093,14 +1093,14 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg)
if (WSCONFIG(ws)->xml_config_file) {
ret =
cstp_printf(ws,
"Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:%s&lu:/+CSCOT+/translation-table?textdomain%%3DAnyConnect%%26type%%3Dmanifest&fu:profiles%%2F%s&fh:%s; path=/; Secure\r\n",
"Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:%s&lu:/+CSCOT+/translation-table?textdomain%%3DAnyConnect%%26type%%3Dmanifest&fu:profiles%%2F%s&fh:%s; path=/; Secure; HttpOnly\r\n",
WSPCONFIG(ws)->cert_hash,
WSCONFIG(ws)->xml_config_file,
WSCONFIG(ws)->xml_config_hash);
} else {
ret =
cstp_printf(ws,
"Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:%s; path=/; Secure\r\n",
"Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:%s; path=/; Secure; HttpOnly\r\n",
WSPCONFIG(ws)->cert_hash);
}
#endif
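Review bot: The `webvpncontext` cookie is set without a Path attribute in both get_auth_handler2 and post_common_handler, while the expiry header in get_auth_handler2's else branch clears it with `path=/`. Clients match a cookie by name, domain and path, so the clear only removes the stored context if the default path derived from the request URI also resolves to `/`. The request URIs are not visible in these hunks, so this may well hold today, but nothing in the code enforces it. Stating the scope on the set side, e.g. `"Set-Cookie: webvpncontext=%s; Max-Age=%u; path=/; Secure; HttpOnly\r\n"` and the same in post_common_handler, would keep set and clear in step; confirm against client behaviour before changing it. Both functions start and end outside the hunks shown.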