mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-06-23 04:10:20 +00:00
Fix SSO Cookie path (#7187)
Trivy / Trivy Scan (push) Has been cancelled
Build / Build and Test msrv (push) Has been cancelled
Build / Build and Test rust-toolchain (push) Has been cancelled
Check templates / Validate docker templates (push) Has been cancelled
Hadolint / Validate Dockerfile syntax (push) Has been cancelled
Code Spell Checking / Run typos spell checking (push) Has been cancelled
Security Analysis with zizmor / Run zizmor (push) Has been cancelled
Release / Build Vaultwarden containers (amd64, alpine) (push) Has been cancelled
Release / Build Vaultwarden containers (amd64, debian) (push) Has been cancelled
Release / Build Vaultwarden containers (arm/v6, alpine) (push) Has been cancelled
Release / Build Vaultwarden containers (arm/v6, debian) (push) Has been cancelled
Release / Build Vaultwarden containers (arm/v7, alpine) (push) Has been cancelled
Release / Build Vaultwarden containers (arm/v7, debian) (push) Has been cancelled
Release / Build Vaultwarden containers (arm64, alpine) (push) Has been cancelled
Release / Build Vaultwarden containers (arm64, debian) (push) Has been cancelled
Release / Merge manifests (alpine) (push) Has been cancelled
Release / Merge manifests (debian) (push) Has been cancelled
Trivy / Trivy Scan (push) Has been cancelled
Build / Build and Test msrv (push) Has been cancelled
Build / Build and Test rust-toolchain (push) Has been cancelled
Check templates / Validate docker templates (push) Has been cancelled
Hadolint / Validate Dockerfile syntax (push) Has been cancelled
Code Spell Checking / Run typos spell checking (push) Has been cancelled
Security Analysis with zizmor / Run zizmor (push) Has been cancelled
Release / Build Vaultwarden containers (amd64, alpine) (push) Has been cancelled
Release / Build Vaultwarden containers (amd64, debian) (push) Has been cancelled
Release / Build Vaultwarden containers (arm/v6, alpine) (push) Has been cancelled
Release / Build Vaultwarden containers (arm/v6, debian) (push) Has been cancelled
Release / Build Vaultwarden containers (arm/v7, alpine) (push) Has been cancelled
Release / Build Vaultwarden containers (arm/v7, debian) (push) Has been cancelled
Release / Build Vaultwarden containers (arm64, alpine) (push) Has been cancelled
Release / Build Vaultwarden containers (arm64, debian) (push) Has been cancelled
Release / Merge manifests (alpine) (push) Has been cancelled
Release / Merge manifests (debian) (push) Has been cancelled
Signed-off-by: BlackDex <black.dex@gmail.com>
This commit is contained in:
Mathijs van Veluw
committed by
GitHub
GitHub
parent
cdf711bb30
commit
9bc14e6e77
+3
-2
@@ -1222,7 +1222,8 @@ async fn _oidcsignin_redirect(
|
||||
(Some(expected), Some(actual)) if crypto::ct_eq(expected, actual) => {}
|
||||
_ => err!(format!("SSO session binding mismatch for {state}")),
|
||||
}
|
||||
cookies.remove(Cookie::build(SSO_BINDING_COOKIE).path("/identity/connect/").build());
|
||||
cookies
|
||||
.remove(Cookie::build(SSO_BINDING_COOKIE).path(format!("{}/identity/connect/", CONFIG.domain_path())).build());
|
||||
|
||||
sso_auth.code_response = Some(code_response);
|
||||
sso_auth.updated_at = Utc::now().naive_utc();
|
||||
@@ -1294,7 +1295,7 @@ async fn authorize(data: AuthorizeData, cookies: &CookieJar<'_>, secure: Secure,
|
||||
|
||||
cookies.add(
|
||||
Cookie::build((SSO_BINDING_COOKIE, binding_token))
|
||||
.path("/identity/connect/")
|
||||
.path(format!("{}/identity/connect/", CONFIG.domain_path()))
|
||||
.max_age(time::Duration::seconds(sso::SSO_AUTH_EXPIRATION.num_seconds()))
|
||||
.same_site(SameSite::Lax) // Lax is needed because the IdP runs on a different FQDN
|
||||
.http_only(true)
|
||||
|
||||
Reference in New Issue
Block a user