Merge pull request #51657 from SBizienFilippiPEReN/cookie-domain

cookie_domain config option for setting cookie on a wider domain
pull/53369/head
Andy Scherzinger 2025-06-17 07:00:40 +07:00 committed by GitHub
commit 6f2fbef490
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 26 additions and 10 deletions

@ -87,6 +87,14 @@ $CONFIG = [
'[2001:db8::1]'
],
/**
* The validity domain for cookies, for example '' (cookies will be sent only
* the domain that defined it, e.g. 'demo.example.org'), 'demo.example.org'
* (cookies will be valid for the domain and all subdomains), ...
*
* Defaults to '' (safe option)
*/
'cookie_domain' => '',
/**
* Where user files are stored. The SQLite database is also stored here, when
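Review bot: The new docblock for `cookie_domain` does not say what widening the scope costs, and its two examples are hard to tell apart because both mention 'demo.example.org'. With a non-empty value the session and remember-me cookies changed elsewhere in this commit are sent to every host under that domain, so any other application hosted there can receive them or set cookies of the same name. The comment should state this and say that the value must be the instance's own host or a parent of it. I would also reword the first example to `cookies will be sent only to the host that set them` and drop the trailing `, ...`.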

@ -393,6 +393,12 @@ class OC {
$cookie_path = OC::$WEBROOT ? : '/';
ini_set('session.cookie_path', $cookie_path);
// set the cookie domain to the Nextcloud domain
$cookie_domain = self::$config->getValue('cookie_domain', '');
if ($cookie_domain) {
ini_set('session.cookie_domain', $cookie_domain);
}
// Let the session name be changed in the initSession Hook
$sessionName = OC_Util::getInstanceId();
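Review bot: `$cookie_domain` in the added block is read with `getValue()` and tested only for truthiness, so a non-string value in config.php (for example `true` or an array) reaches `ini_set('session.cookie_domain', ...)`, whereas the other call sites in this commit use `getSystemValueString()`. Guarding with `if (is_string($cookie_domain) && $cookie_domain !== '')` keeps the session cookie host-only when the setting is malformed. The return value of `ini_set()` is ignored, so a failure to apply the domain goes unnoticed. The comment `// set the cookie domain to the Nextcloud domain` is also misleading, since the code applies the configured and possibly wider domain; something like `// apply the configured cookie_domain; empty keeps the session cookie host-only` would match. The enclosing method starts and ends outside the hunk.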

@ -59,7 +59,7 @@ class CryptoWrapper {
[
'expires' => 0,
'path' => $webRoot,
'domain' => '',
'domain' => \OCP\Server::get(\OCP\IConfig::class)->getSystemValueString('cookie_domain'),
'secure' => $secureCookie,
'httponly' => true,
'samesite' => 'Lax',
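Review bot: `'samesite' => 'Lax'` no longer limits who receives this cookie once `'domain'` is filled from `cookie_domain`, because all hosts under one registrable domain count as same-site. If this cookie carries the session passphrase, as the class name suggests, every sibling host then receives that secret in request headers; `httponly` only hides it from scripts. A comment above the line should record the trade-off, e.g. `// non-empty cookie_domain shares this cookie with every host under that domain`. Resolving `IConfig` through `\OCP\Server::get()` inside the options array also hides a dependency; whether the constructor could take it instead is not visible in this hunk.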

@ -967,6 +967,7 @@ class Session implements IUserSession, Emitter {
if ($webRoot === '') {
$webRoot = '/';
}
$domain = $this->config->getSystemValueString('cookie_domain');
$maxAge = $this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
\OC\Http\CookieHelper::setCookie(
@ -974,7 +975,7 @@ class Session implements IUserSession, Emitter {
$username,
$maxAge,
$webRoot,
'',
$domain,
$secureCookie,
true,
\OC\Http\CookieHelper::SAMESITE_LAX
@ -984,7 +985,7 @@ class Session implements IUserSession, Emitter {
$token,
$maxAge,
$webRoot,
'',
$domain,
$secureCookie,
true,
\OC\Http\CookieHelper::SAMESITE_LAX
@ -995,7 +996,7 @@ class Session implements IUserSession, Emitter {
$this->session->getId(),
$maxAge,
$webRoot,
'',
$domain,
$secureCookie,
true,
\OC\Http\CookieHelper::SAMESITE_LAX
@ -1011,18 +1012,19 @@ class Session implements IUserSession, Emitter {
public function unsetMagicInCookie() {
//TODO: DI for cookies and IRequest
$secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
$domain = $this->config->getSystemValueString('cookie_domain');
unset($_COOKIE['nc_username']); //TODO: DI
unset($_COOKIE['nc_token']);
unset($_COOKIE['nc_session_id']);
setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
// old cookies might be stored under /webroot/ instead of /webroot
// and Firefox doesn't like it!
setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
}
/**
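Review bot: `unsetMagicInCookie()` now expires only the cookies scoped to `$domain`, so host-only `nc_username`, `nc_token` and `nc_session_id` cookies issued before `cookie_domain` was configured stay in the browser after logout. A host-only cookie and a Domain-scoped cookie with the same name and path are distinct to the browser, and an expiry sent with one scope does not touch the other. Expiring both variants when `$domain` is non-empty closes that gap; the rewrite below also computes the expiry time once. The reverse case, where the option is later removed or changed, cannot be detected here and is worth a line in the upgrade notes.

```php
public function unsetMagicInCookie() {
    // … unchanged: $secureCookie, $domain and the three unset($_COOKIE[...]) lines …
    $expired = $this->timeFactory->getTime() - 3600;
    // Expire the host-only variant too: a cookie set before cookie_domain was
    // configured is a separate cookie from the Domain-scoped one.
    $cookieDomains = $domain === '' ? [''] : ['', $domain];
    // old cookies might be stored under /webroot/ instead of /webroot
    $cookiePaths = [OC::$WEBROOT, OC::$WEBROOT . '/'];
    foreach ($cookieDomains as $cookieDomain) {
        foreach ($cookiePaths as $cookiePath) {
            foreach (['nc_username', 'nc_token', 'nc_session_id'] as $cookieName) {
                setcookie($cookieName, '', $expired, $cookiePath, $cookieDomain, $secureCookie, true);
            }
        }
    }
}
```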