3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-03 16:59:22 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: add cookie_same_site option (#4148)

Browse source
This commit is contained in:
Caleb Doxsey 2023-05-03 14:36:42 -06:00 committed by GitHub
parent facf9ab093
commit be0104b842
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 562 additions and 423 deletions
Download patch file Download diff file Expand all files Collapse all files

60
config/options_test.go
View file

@ -6,6 +6,7 @@ import (
"encoding/base64"
"encoding/pem"
"fmt"
"net/http"
"net/url"
"os"
"path/filepath"
@ -19,6 +20,8 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/pomerium/csrf"
"github.com/pomerium/pomerium/internal/identity/oauth/apple"
"github.com/pomerium/pomerium/pkg/cryptutil"
"github.com/pomerium/pomerium/pkg/grpc/config"
)
@ -911,6 +914,63 @@ func TestOptions_GetCookieSecret(t *testing.T) {
})
}
func TestOptions_GetCookieSameSite(t *testing.T) {
t.Parallel()
for _, tc := range []struct {
input string
expected http.SameSite
}{
{"", http.SameSiteDefaultMode},
{"Lax", http.SameSiteLaxMode},
{"lax", http.SameSiteLaxMode},
{"Strict", http.SameSiteStrictMode},
{"strict", http.SameSiteStrictMode},
{"None", http.SameSiteNoneMode},
{"none", http.SameSiteNoneMode},
{"UnKnOwN", http.SameSiteDefaultMode},
} {
tc := tc
t.Run(tc.input, func(t *testing.T) {
t.Parallel()
o := NewDefaultOptions()
o.CookieSameSite = tc.input
assert.Equal(t, tc.expected, o.GetCookieSameSite())
})
}
}
func TestOptions_GetCSRFSameSite(t *testing.T) {
t.Parallel()
for _, tc := range []struct {
cookieSameSite string
provider string
expected csrf.SameSiteMode
}{
{"", "", csrf.SameSiteDefaultMode},
{"Lax", "", csrf.SameSiteLaxMode},
{"lax", "", csrf.SameSiteLaxMode},
{"Strict", "", csrf.SameSiteStrictMode},
{"strict", "", csrf.SameSiteStrictMode},
{"None", "", csrf.SameSiteNoneMode},
{"none", "", csrf.SameSiteNoneMode},
{"UnKnOwN", "", csrf.SameSiteDefaultMode},
{"", apple.Name, csrf.SameSiteNoneMode},
} {
tc := tc
t.Run(tc.cookieSameSite, func(t *testing.T) {
t.Parallel()
o := NewDefaultOptions()
o.CookieSameSite = tc.cookieSameSite
o.Provider = tc.provider
assert.Equal(t, tc.expected, o.GetCSRFSameSite())
})
}
}
func encodeCert(cert *tls.Certificate) []byte {
return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Certificate[0]})
}