feat: add session-cookie-secure annotation (#7399)
parent
8a1a5e93c7
commit
f2e743f561
9 changed files with 50 additions and 18 deletions
|
|
@ -87,13 +87,18 @@ function _M.set_cookie(self, value)
|
|||
end
|
||||
end
|
||||
|
||||
local cookie_secure = self.cookie_session_affinity.secure
|
||||
if cookie_secure == nil then
|
||||
cookie_secure = ngx.var.https == "on"
|
||||
end
|
||||
|
||||
local cookie_data = {
|
||||
key = self:cookie_name(),
|
||||
value = value .. COOKIE_VALUE_DELIMITER .. self.backend_key,
|
||||
path = cookie_path,
|
||||
httponly = true,
|
||||
samesite = cookie_samesite,
|
||||
secure = ngx.var.https == "on",
|
||||
secure = cookie_secure,
|
||||
}
|
||||
|
||||
if self.cookie_session_affinity.expires and self.cookie_session_affinity.expires ~= "" then
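Review bot: An explicit `secure = false` in `cookie_session_affinity` now removes the Secure attribute even when the request arrived over HTTPS, because the fallback to `ngx.var.https == "on"` only runs when the field is `nil`; the replaced line shows an HTTPS request previously always got a Secure cookie. If the annotation is only meant to force the flag on (for example behind a TLS-terminating proxy), `local cookie_secure = self.cookie_session_affinity.secure or ngx.var.https == "on"` keeps HTTPS detection as a floor. A false `secure` combined with `samesite = "None"` also produces a cookie that current browsers reject, so that combination deserves a warning log or a forced Secure. The check assumes the field is a real boolean, since a string such as `"false"` is truthy in Lua; confirm the config layer delivers a boolean. The body of set_cookie starts and ends outside this hunk.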
|
||||
|
|
|
|||
|
|
@ -422,7 +422,7 @@ describe("Sticky", function()
|
|||
cookie.new = mocked_cookie_new
|
||||
end)
|
||||
|
||||
local function test_set_cookie_with(sticky_balancer_type, samesite, conditional_samesite_none, expected_path, expected_samesite)
|
||||
local function test_set_cookie_with(sticky_balancer_type, samesite, conditional_samesite_none, expected_path, expected_samesite, secure, expected_secure)
|
||||
local s = {}
|
||||
cookie.new = function(self)
|
||||
local cookie_instance = {
|
||||
|
|
@ -432,7 +432,7 @@ describe("Sticky", function()
|
|||
assert.equal(payload.samesite, expected_samesite)
|
||||
assert.equal(payload.domain, nil)
|
||||
assert.equal(payload.httponly, true)
|
||||
assert.equal(payload.secure, false)
|
||||
assert.equal(payload.secure, expected_secure)
|
||||
return true, nil
|
||||
end,
|
||||
get = function(k) return false end,
|
||||
|
|
@ -445,57 +445,61 @@ describe("Sticky", function()
|
|||
b.sessionAffinityConfig.cookieSessionAffinity.locations["test.com"] = {"/"}
|
||||
b.sessionAffinityConfig.cookieSessionAffinity.samesite = samesite
|
||||
b.sessionAffinityConfig.cookieSessionAffinity.conditional_samesite_none = conditional_samesite_none
|
||||
b.sessionAffinityConfig.cookieSessionAffinity.secure = secure
|
||||
local sticky_balancer_instance = sticky_balancer_type:new(b)
|
||||
assert.has_no.errors(function() sticky_balancer_instance:balance() end)
|
||||
assert.spy(s).was_called()
|
||||
end
|
||||
|
||||
it("returns a cookie with SameSite=Strict when user specifies samesite strict", function()
|
||||
test_set_cookie_with(sticky_balanced, "Strict", false, "/", "Strict")
|
||||
it("returns a secure cookie with SameSite=Strict when user specifies samesite strict and secure=true", function()
|
||||
test_set_cookie_with(sticky_balanced, "Lax", false, "/", "Lax", true, true)
|
||||
end)
|
||||
it("returns a cookie with SameSite=Strict when user specifies samesite strict and conditional samesite none", function()
|
||||
test_set_cookie_with(sticky_balanced, "Strict", true, "/", "Strict")
|
||||
test_set_cookie_with(sticky_balanced, "Strict", true, "/", "Strict", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=Lax when user specifies samesite lax", function()
|
||||
test_set_cookie_with(sticky_balanced, "Lax", false, "/", "Lax")
|
||||
test_set_cookie_with(sticky_balanced, "Lax", false, "/", "Lax", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=Lax when user specifies samesite lax and conditional samesite none", function()
|
||||
test_set_cookie_with(sticky_balanced, "Lax", true, "/", "Lax")
|
||||
test_set_cookie_with(sticky_balanced, "Lax", true, "/", "Lax", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=None when user specifies samesite None", function()
|
||||
test_set_cookie_with(sticky_balanced, "None", false, "/", "None")
|
||||
test_set_cookie_with(sticky_balanced, "None", false, "/", "None", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=None when user specifies samesite None and conditional samesite none with supported user agent", function()
|
||||
mock_ngx({ var = { location_path = "/", host = "test.com" , http_user_agent = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.2704.103 Safari/537.36"} })
|
||||
test_set_cookie_with(sticky_balanced, "None", true, "/", "None")
|
||||
test_set_cookie_with(sticky_balanced, "None", true, "/", "None", nil, false)
|
||||
end)
|
||||
it("returns a cookie without SameSite=None when user specifies samesite None and conditional samesite none with unsupported user agent", function()
|
||||
mock_ngx({ var = { location_path = "/", host = "test.com" , http_user_agent = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"} })
|
||||
test_set_cookie_with(sticky_balanced, "None", true, "/", nil)
|
||||
test_set_cookie_with(sticky_balanced, "None", true, "/", nil, nil, false)
|
||||
end)
|
||||
|
||||
it("returns a secure cookie with SameSite=Strict when user specifies samesite strict and secure=true", function()
|
||||
test_set_cookie_with(sticky_persistent, "Lax", false, "/", "Lax", true, true)
|
||||
end)
|
||||
it("returns a cookie with SameSite=Strict when user specifies samesite strict", function()
|
||||
test_set_cookie_with(sticky_persistent, "Strict", false, "/", "Strict")
|
||||
test_set_cookie_with(sticky_persistent, "Strict", false, "/", "Strict", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=Strict when user specifies samesite strict and conditional samesite none", function()
|
||||
test_set_cookie_with(sticky_persistent, "Strict", true, "/", "Strict")
|
||||
test_set_cookie_with(sticky_persistent, "Strict", true, "/", "Strict", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=Lax when user specifies samesite lax", function()
|
||||
test_set_cookie_with(sticky_persistent, "Lax", false, "/", "Lax")
|
||||
test_set_cookie_with(sticky_persistent, "Lax", false, "/", "Lax", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=Lax when user specifies samesite lax and conditional samesite none", function()
|
||||
test_set_cookie_with(sticky_persistent, "Lax", true, "/", "Lax")
|
||||
test_set_cookie_with(sticky_persistent, "Lax", true, "/", "Lax", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=None when user specifies samesite None", function()
|
||||
test_set_cookie_with(sticky_persistent, "None", false, "/", "None")
|
||||
test_set_cookie_with(sticky_persistent, "None", false, "/", "None", nil, false)
|
||||
end)
|
||||
it("returns a cookie with SameSite=None when user specifies samesite None and conditional samesite none with supported user agent", function()
|
||||
mock_ngx({ var = { location_path = "/", host = "test.com" , http_user_agent = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.2704.103 Safari/537.36"} })
|
||||
test_set_cookie_with(sticky_persistent, "None", true, "/", "None")
|
||||
test_set_cookie_with(sticky_persistent, "None", true, "/", "None", nil, false)
|
||||
end)
|
||||
it("returns a cookie without SameSite=None when user specifies samesite None and conditional samesite none with unsupported user agent", function()
|
||||
mock_ngx({ var = { location_path = "/", host = "test.com" , http_user_agent = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"} })
|
||||
test_set_cookie_with(sticky_persistent, "None", true, "/", nil)
|
||||
test_set_cookie_with(sticky_persistent, "None", true, "/", nil, nil, false)
|
||||
end)
|
||||
end)
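Review bot: The new case titled "returns a secure cookie with SameSite=Strict when user specifies samesite strict and secure=true" passes `"Lax"` as both `samesite` and `expected_samesite`, in the sticky_balanced and the sticky_persistent variant, so the title and the assertion disagree. In the sticky_balanced group it also appears to replace the plain Strict case rather than sit beside it (the hunk header's line counts are consistent with a replacement), which would drop that coverage. No case passes `secure = false`, and none mocks `ngx.var.https = "on"` with `secure = nil`, so the HTTPS fallback and the explicit opt-out in set_cookie are never asserted; a call such as `test_set_cookie_with(sticky_balanced, "Lax", false, "/", "Lax", false, false)` would pin the latter. The describe block starts outside these hunks.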
|
||||
|
||||
|
|
|
|||