Merge pull request #486 from codimd/feature/cookie-policy

author: David Mehren 2020-09-25 22:39:30 +0200
committer: GitHub 2020-09-25 22:39:30 +0200
commit: 3461993ee05d09106e276e606b143d472908b166 (patch)
tree: c17c788b6f39f3ae91e249f48cc653b3d13b6c0b /lib
parent: f862b7a1e44c1101a921f19bca4d8d8063eb25ce (diff)
parent: 4ece86f0efa1f8f3e4dab0abf810800a045ce632 (diff)
4 files changed, 9 insertions, 1 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index 9284882a..38bb164b 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -27,6 +27,7 @@ module.exports = {
     upgradeInsecureRequests: 'auto',
     reportURI: undefined
   },
+  cookiePolicy: 'lax',
   protocolUseSSL: false,
   useCDN: false,
   allowAnonymous: true,
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 2d76286f..cf9fb5a1 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -22,6 +22,7 @@ module.exports = {
     enable: toBooleanConfig(process.env.CMD_CSP_ENABLE),
     reportURI: process.env.CMD_CSP_REPORTURI
   },
+  cookiePolicy: process.env.CMD_COOKIE_POLICY,
   protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),
   allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
   useCDN: toBooleanConfig(process.env.CMD_USECDN),
diff --git a/lib/config/index.js b/lib/config/index.js
index ee4817b3..b5461a8d 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -51,6 +51,11 @@ if (['debug', 'verbose', 'info', 'warn', 'error'].includes(config.loglevel)) {
   logger.error('Selected loglevel %s doesn\'t exist, using default level \'debug\'. Available options: debug, verbose, info, warn, error', config.loglevel)
 }
 
+if (!['strict', 'lax', 'none'].includes(config.cookiePolicy)) {
+  logger.error('Cookie SameSite policy %s does not exist. Falling back to lax. Available values are: strict, lax, none.', config.cookiePolicy)
+  config.cookiePolicy = 'lax'
+}
+
 // load LDAP CA
 if (config.ldap.tlsca) {
   let ca = config.ldap.tlsca.split(',')
diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js
index 025aafd4..febe2df3 100644
--- a/lib/web/statusRouter.js
+++ b/lib/web/statusRouter.js
@@ -97,7 +97,8 @@ statusRouter.get('/config', function (req, res) {
     version: config.fullversion,
     DROPBOX_APP_KEY: config.dropbox.appKey,
     allowedUploadMimeTypes: config.allowedUploadMimeTypes,
-    linkifyHeaderStyle: config.linkifyHeaderStyle
+    linkifyHeaderStyle: config.linkifyHeaderStyle,
+    cookiePolicy: config.cookiePolicy
   }
   res.set({
     'Cache-Control': 'private', // only cache by client
author	David Mehren	2020-09-25 22:39:30 +0200
committer	GitHub	2020-09-25 22:39:30 +0200
commit	3461993ee05d09106e276e606b143d472908b166 (patch)
tree	c17c788b6f39f3ae91e249f48cc653b3d13b6c0b /lib
parent	f862b7a1e44c1101a921f19bca4d8d8063eb25ce (diff)
parent	4ece86f0efa1f8f3e4dab0abf810800a045ce632 (diff)