Closed wrossmann closed 1 year ago
Thanks!
This merge fixes the issue for me. I've included a line in my Docker config to pull in the patched files from this commit: https://gitlab.com/conorab/k8s-sourcebanspp/-/commit/fc9e7ae584dc53eb0a3984262de71b6c7076c94b .
Description
Currently the cookie domain would be set to whatever the httpd's HTTP_HOST is. But in the case of web servers using non-standard ports, eg: foo.bar.com:8080, this would cause the cookie domain to also be set to foo.bar.com:8080.
The problem is that cookie domains do not account for ports, and subsequent requests will not send the cookie back because the domain that the browser wants is just foo.bar.com, not foo.bar.com:8080. The end result is that the browser does not send the authentication cookie on subsequent requests, and it appears that authentication simply doesn't work.
This fork adds a simple Host::cookieDomain() wrapper around Host::domain() to strip off the port, and replaces the relevant usages in the Auth class.
Motivation and Context
Current behaviour is broken when SB web is run on a non-standard port.
How Has This Been Tested?
Mocked the Auth workflow locally.
Types of changes
Checklist:
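The port stripping described in this pull request, as an added PHP example (not the code from the pull request or from the project). The function name `cookie_domain_from_host` and the sample Host values are assumptions, and because the Host header is client-supplied the sketch also rejects malformed values instead of passing them into a cookie attribute.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not the project's Host::cookieDomain()): derive a value
 * usable as a cookie Domain attribute from a client-supplied Host header.
 * Returns null when the value should not be used, so the caller can omit the
 * Domain attribute and fall back to a host-only cookie.
 */
function cookie_domain_from_host(string $httpHost): ?string
{
    $host = strtolower(trim($httpHost));

    // Bracketed IPv6 literal such as "[::1]:8080": this sketch chooses a
    // host-only cookie instead of building a Domain value from it.
    if ($host !== '' && $host[0] === '[') {
        return null;
    }

    // Hostname or IPv4 address with an optional ":port" suffix. Anything
    // else (spaces, ';', '=', empty string) is rejected outright.
    if (!preg_match('/^([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::\d{1,5})?$/', $host, $m)) {
        return null;
    }

    return $m[1]; // host part only, port removed
}

// Constructed sample Host header values, including one malformed value.
$samples = [
    'foo.bar.com:8080',
    'foo.bar.com',
    '[::1]:8080',
    'foo.bar.com:8080; Path=/',
];

foreach ($samples as $sample) {
    $domain = cookie_domain_from_host($sample);
    printf("%-26s => %s\n", $sample, $domain ?? '(omit Domain attribute)');
}
```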