summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Covener <covener@apache.org>2020-02-08 02:14:28 +0100
committerEric Covener <covener@apache.org>2020-02-08 02:14:28 +0100
commita98d6a4cd12380ebbd516071090297814b9d010f (patch)
tree3cc9743a5be69cfac29e09e5913b5926a7197759
parentfactor out TE=chunked checking (diff)
downloadapache2-a98d6a4cd12380ebbd516071090297814b9d010f.tar.xz
apache2-a98d6a4cd12380ebbd516071090297814b9d010f.zip
add SameSite to RewriteRule ... ... [CO]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873762 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--CHANGES3
-rw-r--r--docs/manual/mod/mod_rewrite.xml2
-rw-r--r--docs/manual/rewrite/flags.xml12
-rw-r--r--modules/mappers/mod_rewrite.c7
4 files changed, 20 insertions, 4 deletions
diff --git a/CHANGES b/CHANGES
index 821aff66d7..ef8c44db3f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a
+ SameSite attribute. [Eric Covener]
+
*) Update DOCTYPE tags in server-generated HTML. PR62989.
[Andra Farkas <deepbluemistake gmail.com>, Giovanni Bechis <giovanni paclan.it>]
diff --git a/docs/manual/mod/mod_rewrite.xml b/docs/manual/mod/mod_rewrite.xml
index 7e9963f58a..961c7c313f 100644
--- a/docs/manual/mod/mod_rewrite.xml
+++ b/docs/manual/mod/mod_rewrite.xml
@@ -1343,7 +1343,7 @@ cannot use <code>$N</code> in the substitution string!
<tr>
<td>cookie|CO=<em>NAME</em>:<em>VAL</em></td>
<td>Sets a cookie in the client browser. Full syntax is:
- CO=<em>NAME</em>:<em>VAL</em>:<em>domain</em>[:<em>lifetime</em>[:<em>path</em>[:<em>secure</em>[:<em>httponly</em>]]]] <em><a href="../rewrite/flags.html#flag_co">details ...</a></em>
+ CO=<em>NAME</em>:<em>VAL</em>:<em>domain</em>[:<em>lifetime</em>[:<em>path</em>[:<em>secure</em>[:<em>httponly</em>[<em>samesite</em>]]]]] <em><a href="../rewrite/flags.html#flag_co">details ...</a></em>
</td>
</tr>
<tr>
diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml
index cd9fe971ca..67bf9cf99d 100644
--- a/docs/manual/rewrite/flags.xml
+++ b/docs/manual/rewrite/flags.xml
@@ -134,14 +134,14 @@ skipped.</p>
<section id="flag_co"><title>CO|cookie</title>
<p>The [CO], or [cookie] flag, allows you to set a cookie when a
particular <directive module="mod_rewrite">RewriteRule</directive>
-matches. The argument consists of three required fields and four optional
+matches. The argument consists of three required fields and five optional
fields.</p>
<p>The full syntax for the flag, including all attributes, is as
follows:</p>
<example>
-[CO=NAME:VALUE:DOMAIN:lifetime:path:secure:httponly]
+[CO=NAME:VALUE:DOMAIN:lifetime:path:secure:httponly:samesite]
</example>
<p>If a literal ':' character is needed in any of the cookie fields, an
@@ -150,7 +150,7 @@ alternate syntax is available. To opt-in to the alternate syntax, the cookie
specified as ';'.</p>
<example>
-[CO=;NAME;VALUE:MOREVALUE;DOMAIN;lifetime;path;secure;httponly]
+[CO=;NAME;VALUE:MOREVALUE;DOMAIN;lifetime;path;secure;httponly;samesite]
</example>
<p>You must declare a name, a value, and a domain for the cookie to be set.</p>
@@ -191,6 +191,12 @@ connections.</dd>
which means that the cookie is inaccessible to JavaScript code on
browsers that support this feature.</dd>
</dl>
+<dt>samesite</dt>
+<dd>If set to anything other than <code>0</code>, the <code>SameSite</code>
+attribute is set to the specified value. Typical values are <code>None</code>,
+<code>Lax</code>, and <code>Strict</code>.Available in 2.5.1 and later.</dd>
+</dl>
+
<p>Consider this example:</p>
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index ad90d60dcf..f35752b0e1 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -2581,6 +2581,7 @@ static void add_cookie(request_rec *r, char *s)
char *path;
char *secure;
char *httponly;
+ char *samesite;
char *tok_cntx;
char *cookie;
@@ -2615,6 +2616,7 @@ static void add_cookie(request_rec *r, char *s)
path = expires ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
secure = path ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
httponly = secure ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
+ samesite = httponly ? apr_strtok(NULL, sep, &tok_cntx) : NULL;
if (expires) {
apr_time_exp_t tms;
@@ -2654,6 +2656,11 @@ static void add_cookie(request_rec *r, char *s)
"; HttpOnly" : NULL,
NULL);
+ if (samesite && !strcasecmp(samesite, "0")) {
+ cookie = apr_pstrcat(rmain->pool, cookie, "; SameSite=",
+ samesite, NULL);
+ }
+
apr_table_addn(rmain->err_headers_out, "Set-Cookie", cookie);
apr_pool_userdata_set("set", notename, NULL, rmain->pool);
rewritelog(rmain, 5, NULL, "setting cookie '%s'", cookie);