author | Michael Tipton <36353334+CastawayEGR@users.noreply.github.com> | 2024-04-24 21:44:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-24 21:44:31 +0200 |
commit | f5f85666c80a92e2552769476935a46bc4644ccb (patch) | |
tree | 4307e2eeb6a54fb1074a49b0297352cce3bcc372 | |
parent | Fix and test data migration error from DAB RBAC (#15138) (diff) | |
download | awx-f5f85666c80a92e2552769476935a46bc4644ccb.tar.xz awx-f5f85666c80a92e2552769476935a46bc4644ccb.zip |
Add ability to set SameSite policy for userLoggedIn cookie (#15100)
* Add ability to set SameSite policy for userLoggedIn cookie
* reformat line for linter
-rw-r--r-- | awx/api/generics.py | 4 | ||||
-rw-r--r-- | awx/settings/defaults.py | 3 | ||||
-rw-r--r-- | awx/sso/views.py | 4 |
3 files changed, 9 insertions, 2 deletions
diff --git a/awx/api/generics.py b/awx/api/generics.py
index 7c7fda877e..c51470c1a4 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -95,7 +95,9 @@ class LoggedLoginView(auth_views.LoginView):
 ret = super(LoggedLoginView, self).post(request, *args, **kwargs)
 if request.user.is_authenticated:
 logger.info(smart_str(u"User {} logged in from {}".format(self.request.user.username, request.META.get('REMOTE_ADDR', None))))
- ret.set_cookie('userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False))
+ ret.set_cookie(
+ 'userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False), samesite=getattr(settings, 'USER_COOKIE_SAMESITE', 'Lax')
+ )
 ret.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid'))
 return ret
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 751e419730..c927086354 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -277,6 +277,9 @@ SESSION_COOKIE_SECURE = True
 # Note: This setting may be overridden by database settings.
 SESSION_COOKIE_AGE = 1800
+# Option to change userLoggedIn cookie SameSite policy.
+USER_COOKIE_SAMESITE = 'Lax'
+
 # Name of the cookie that contains the session information.
 # Note: Changing this value may require changes to any clients.
 SESSION_COOKIE_NAME = 'awx_sessionid'
diff --git a/awx/sso/views.py b/awx/sso/views.py
index c23ee4428a..b6fd724df7 100644
--- a/awx/sso/views.py
+++ b/awx/sso/views.py
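Review bot: On the new `ret.set_cookie(` call the SameSite value is passed straight from settings while `secure` still comes only from SESSION_COOKIE_SECURE, so an operator who sets USER_COOKIE_SAMESITE = 'None' on a deployment with SESSION_COOKIE_SECURE = False emits a SameSite=None cookie without Secure, which current browsers discard, and the UI silently loses its logged-in flag. Django's HttpResponse.set_cookie also raises ValueError for a samesite string it does not recognise, so a typo in that setting surfaces as a 500 on every login instead of at startup. I would resolve the value once and force Secure when it is 'None': `samesite = getattr(settings, 'USER_COOKIE_SAMESITE', 'Lax')`, `secure = getattr(settings, 'SESSION_COOKIE_SECURE', False) or str(samesite).lower() == 'none'`, then `ret.set_cookie('userLoggedIn', 'true', secure=secure, samesite=samesite)`. The enclosing `post` method starts outside the hunk.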
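Review bot: The comment `# Option to change userLoggedIn cookie SameSite policy.` above the new USER_COOKIE_SAMESITE setting names no accepted values, yet the value is handed unchanged to Django's set_cookie, which accepts only 'Lax', 'Strict' or 'None' and raises on anything else. Because the cookie's secure flag is taken from SESSION_COOKIE_SECURE, 'None' additionally requires that setting to be True or browsers will drop the cookie. I would replace the comment with `# SameSite attribute for the 'userLoggedIn' UI cookie (its value is a constant 'true'): 'Lax' (default), 'Strict' or 'None'.` followed by `# 'None' is only honoured by browsers when the cookie is also Secure, i.e. SESSION_COOKIE_SECURE = True.`. Whether this setting is overridable from database settings like the neighbouring SESSION_COOKIE_* values is not visible here; if it is not, the comment should say so.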
@@ -38,7 +38,9 @@ class CompleteView(BaseRedirectView):
 response = super(CompleteView, self).dispatch(request, *args, **kwargs)
 if self.request.user and self.request.user.is_authenticated:
 logger.info(smart_str(u"User {} logged in".format(self.request.user.username)))
- response.set_cookie('userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False))
+ response.set_cookie(
+ 'userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False), samesite=getattr(settings, 'USER_COOKIE_SAMESITE', 'Lax')
+ )
 response.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid'))
 return response |
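Review bot: The new `response.set_cookie(` call here is a byte-for-byte copy of the one added to LoggedLoginView.post in awx/api/generics.py by the same commit, so the cookie's Secure/SameSite policy now lives in two places and the next attribute change (httponly, max_age, a different default) will land in one login path and not the other. A single helper that both views call, placed in a module both awx.api and awx.sso can import, would keep the password and SSO login paths issuing the same cookie and give the policy one place to be documented. The enclosing `dispatch` method starts outside the hunk.

```python
def set_user_logged_in_cookie(response):
    """Flag the browser as logged in for the UI.

    The value is a constant, so the cookie carries no secret; it mirrors the
    session cookie's Secure flag and takes its SameSite policy from settings.
    """
    response.set_cookie(
        'userLoggedIn',
        'true',
        secure=getattr(settings, 'SESSION_COOKIE_SECURE', False),
        samesite=getattr(settings, 'USER_COOKIE_SAMESITE', 'Lax'),
    )


# … in CompleteView.dispatch, replacing the inline set_cookie call:
set_user_logged_in_cookie(response)
```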