External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-06 17:07:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Add ability to set SameSite policy for userLoggedIn cookie (#15100)

Browse Source 
* Add ability to set SameSite policy for userLoggedIn cookie

* reformat line for linter
This commit is contained in:
Michael Tipton
2024-04-24 15:44:31 -04:00
committed by GitHub
parent 47a061eb39
commit f5f85666c8
3 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/api/generics.py
View File

@@ -95,7 +95,9 @@ class LoggedLoginView(auth_views.LoginView):
ret = super(LoggedLoginView, self).post(request, *args, **kwargs) ret = super(LoggedLoginView, self).post(request, *args, **kwargs)
if request.user.is_authenticated: if request.user.is_authenticated:
logger.info(smart_str(u"User {} logged in from {}".format(self.request.user.username, request.META.get('REMOTE_ADDR', None)))) logger.info(smart_str(u"User {} logged in from {}".format(self.request.user.username, request.META.get('REMOTE_ADDR', None))))
ret.set_cookie('userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False)) ret.set_cookie(
'userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False), samesite=getattr(settings, 'USER_COOKIE_SAMESITE', 'Lax')
)
ret.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid')) ret.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid'))
return ret return ret

3
awx/settings/defaults.py
View File

@@ -277,6 +277,9 @@ SESSION_COOKIE_SECURE = True
# Note: This setting may be overridden by database settings. # Note: This setting may be overridden by database settings.
SESSION_COOKIE_AGE = 1800 SESSION_COOKIE_AGE = 1800
# Option to change userLoggedIn cookie SameSite policy.
USER_COOKIE_SAMESITE = 'Lax'
# Name of the cookie that contains the session information. # Name of the cookie that contains the session information.
# Note: Changing this value may require changes to any clients. # Note: Changing this value may require changes to any clients.
SESSION_COOKIE_NAME = 'awx_sessionid' SESSION_COOKIE_NAME = 'awx_sessionid'

4
awx/sso/views.py
View File

@@ -38,7 +38,9 @@ class CompleteView(BaseRedirectView):
response = super(CompleteView, self).dispatch(request, *args, **kwargs) response = super(CompleteView, self).dispatch(request, *args, **kwargs)
if self.request.user and self.request.user.is_authenticated: if self.request.user and self.request.user.is_authenticated:
logger.info(smart_str(u"User {} logged in".format(self.request.user.username))) logger.info(smart_str(u"User {} logged in".format(self.request.user.username)))
response.set_cookie('userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False)) response.set_cookie(
'userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False), samesite=getattr(settings, 'USER_COOKIE_SAMESITE', 'Lax')
)
response.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid')) response.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid'))
return response return response