Fix #1885 disable SameSite=None if SSL session is not used

Kijin Sung 2022-03-22 00:24:54 +09:00
parent 46136660a8
commit 4a2b494508
2 changed files with 9 additions and 2 deletions


@ -758,9 +758,16 @@ class adminAdminController extends admin
throw new Rhymix\Framework\Exception('msg_current_ip_will_be_denied');
}
$site_module_info = Context::get('site_module_info');
$vars->use_samesite = preg_replace('/[^a-zA-Z]/', '', $vars->use_samesite);
if ($vars->use_samesite === 'None' && ($vars->use_session_ssl !== 'Y' || $site_module_info->security !== 'always'))
{
$vars->use_samesite = '';
}
Rhymix\Framework\Config::set('admin.allow', array_values($allowed_ip));
Rhymix\Framework\Config::set('admin.deny', array_values($denied_ip));
Rhymix\Framework\Config::set('session.samesite', preg_replace('/[^a-zA-Z]/', '', $vars->use_samesite));
Rhymix\Framework\Config::set('session.samesite', $vars->use_samesite);
Rhymix\Framework\Config::set('session.use_keys', $vars->use_session_keys === 'Y');
Rhymix\Framework\Config::set('session.use_ssl', $vars->use_session_ssl === 'Y');
Rhymix\Framework\Config::set('session.use_ssl_cookies', $vars->use_cookies_ssl === 'Y');
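Review bot: The new guard `$vars->use_samesite === 'None'` is an exact, case-sensitive match, while the filter before it only strips non-letter characters, so a submitted `none`, `NONE` or any other alphabetic string skips the downgrade and is written to `session.samesite` unchanged. Browsers compare the SameSite value case-insensitively, so if the stored string is emitted verbatim (the cookie code is not visible here), the session cookie could still go out as SameSite=None without the Secure flag, which is the situation this commit sets out to prevent. An allowlist ahead of the guard closes the gap: `if (!in_array($vars->use_samesite, ['Strict', 'Lax', 'None'], true)) { $vars->use_samesite = ''; }`. The enclosing method starts and ends outside the hunk.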


@ -50,7 +50,7 @@
<div class="x_controls">
<label for="use_samesite_strict" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_strict" value="Strict" checked="checked"|cond="$use_samesite === 'Strict'" /> Strict</label>
<label for="use_samesite_lax" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_lax" value="Lax" checked="checked"|cond="$use_samesite === 'Lax'" /> Lax</label>
<label for="use_samesite_none" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_none" value="None" checked="checked"|cond="$use_samesite === 'None'" /> None</label>
<label for="use_samesite_none" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_none" value="None" checked="checked"|cond="$use_samesite === 'None'" disabled="disabled"|cond="!$use_session_ssl || $site_module_info->security !== 'always'" /> None</label>
<label for="use_samesite_empty" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_empty" value="" checked="checked"|cond="!$use_samesite" /> {$lang->use_samesite_empty}</label>
<br />
<p class="x_help-block">{$lang->about_use_samesite}</p>
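Review bot: The `disabled` condition on the None radio is evaluated at render time from the stored `$use_session_ssl` and `$site_module_info->security`, while the controller decides from the submitted `use_session_ssl`. An administrator who turns SSL sessions on in what appears to be the same form therefore cannot select None until after a save and reload, unless script outside this hunk re-enables the input. When the stored value is already None the radio renders both checked and disabled; a disabled input is not submitted, so the next save clears the setting with no explanation on the page. Adding a sentence to the `about_use_samesite` help text, such as `None is only available when SSL-only sessions are enabled and the site security setting is "always"`, would make both behaviours visible to the administrator.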