devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

fix(server): update comments for host & cookies

Browse Source
This commit is contained in:
Lakhan Samani 2022-09-28 10:36:56 +05:30
parent b1bc7b5370
commit f5323e0eec
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/cookie/cookie.go
View File

@ -30,6 +30,8 @@ func SetSession(gc *gin.Context, sessionID string) {
} }
// Use sameSite = lax by default // Use sameSite = lax by default
// Since app cookie can come from cross site it becomes important to set this in lax mode.
// Example person using custom UI on their app domain and making request to authorizer domain.
// For more information check: // For more information check:
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
// https://github.com/gin-gonic/gin/blob/master/context.go#L86 // https://github.com/gin-gonic/gin/blob/master/context.go#L86

4
server/parsers/url.go
View File

@ -11,8 +11,8 @@ import (
) )
// GetHost returns hostname from request context // GetHost returns hostname from request context
// if X-Authorizer-URL header is set it is given highest priority // if EnvKeyAuthorizerURL is set it is given highest priority.
// if EnvKeyAuthorizerURL is set it is given second highest priority. // if X-Authorizer-URL header is set it is given second highest priority
// if above 2 are not set the requesting host name is used // if above 2 are not set the requesting host name is used
func GetHost(c *gin.Context) string { func GetHost(c *gin.Context) string {
authorizerURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAuthorizerURL) authorizerURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAuthorizerURL)