ManageIQ / manageiq-appliance

System files for the ManageIQ appliance.
Apache License 2.0

set oidc cookie same site #357

Closed kbrock closed 2 years ago

kbrock commented 2 years ago

Set the oidc cookie to have SameSite=true

It is best practice to leverage the SameSite value in cookies.
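One way a reviewer can verify the change against the appliance's own responses, as an added example that is not part of this PR (written in Ruby, the project's language): it parses Set-Cookie header lines and reports which of SameSite, Secure and HttpOnly are missing on the OIDC session cookie. The cookie name assumes mod_auth_openidc's default, and the header samples are constructed, not captured appliance traffic.

```ruby
# Added example (not part of this PR): check that the OIDC session cookie
# carries the attributes expected after this change. The cookie name assumes
# mod_auth_openidc's default (OIDCCookie); the header lines below are
# constructed samples, not captured appliance traffic.

OIDC_COOKIE = "mod_auth_openidc_session"

# Parse one Set-Cookie header value into name, value and a hash of attributes
# (attribute names downcased; flag attributes such as Secure map to true).
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip)
  name, value = pair.split("=", 2)
  attributes = attrs.each_with_object({}) do |attr, h|
    k, v = attr.split("=", 2)
    h[k.downcase] = v.nil? ? true : v
  end
  { name: name, value: value, attributes: attributes }
end

# Return the list of problems found for the OIDC cookie ([] when it is fine),
# or nil when the header does not set the OIDC cookie at all.
def oidc_cookie_problems(header)
  cookie = parse_set_cookie(header)
  return nil unless cookie[:name] == OIDC_COOKIE

  attrs = cookie[:attributes]
  problems = []
  same_site = attrs["samesite"]
  if same_site.nil?
    problems << "missing SameSite"
  elsif same_site.to_s.casecmp("none").zero? && !attrs.key?("secure")
    # Browsers reject SameSite=None cookies that are not also marked Secure.
    problems << "SameSite=None without Secure"
  end
  problems << "missing Secure" unless attrs.key?("secure")
  problems << "missing HttpOnly" unless attrs.key?("httponly")
  problems
end

# Constructed samples: the cookie before the change and after it.
BEFORE = "mod_auth_openidc_session=abc123; Path=/; Secure; HttpOnly"
AFTER  = "mod_auth_openidc_session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __FILE__ == $PROGRAM_NAME
  [BEFORE, AFTER].each { |h| puts "#{h.inspect} => #{oidc_cookie_problems(h).inspect}" }
end
```

Feed it the Set-Cookie lines from a real login response (for example from `curl -i` against the appliance) to confirm the deployed config actually emits the attribute.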

miq-bot commented 2 years ago

Checked commit https://github.com/kbrock/manageiq-appliance/commit/bbc050766c8ee4221644f666e23b92ba8986e1ee with ruby 2.6.7, rubocop 1.19.1, haml-lint 0.35.0, and yamllint. 0 files checked, 0 offenses detected. Everything looks fine. :star:

Fryguy commented 2 years ago

@kbrock can you also update the guides repo? https://github.com/ManageIQ/guides/blob/847ebec11a5e5e25712e27b3019099776b767b93/external_auth/oidc-httpd-configs/authentication.conf

kbrock commented 2 years ago

> @kbrock can you also update the guides repo?

@Fryguy great idea https://github.com/ManageIQ/guides/pull/491

Also wonder if there is a way to generate this file directly from that other source, or at least in the pod version of it. It would need to be changed to handle the ignore ssl junk (via a parameter?), but other than that they are pretty similar.

Wonder if we can move towards a common templating engine. Maybe erb is not the best choice in the cross-language world.

Fryguy commented 2 years ago

Backported to najdorf in commit 0e616c0d00530bee130ef8f3cf8707ff6b5ac573.

commit 0e616c0d00530bee130ef8f3cf8707ff6b5ac573
Author: Jason Frey <fryguy9@gmail.com>
Date:   Mon Mar 7 09:52:05 2022 -0500

    Merge pull request #357 from kbrock/oidc_same_site

    set oidc cookie same site

    (cherry picked from commit ac4e3e9718a25328c0899c87b02e508452b49d9c)