|
5 | 5 | "encoding/json"
|
6 | 6 | "errors"
|
7 | 7 | "fmt"
|
| 8 | + "log" |
8 | 9 | "net/http"
|
9 | 10 | "slices"
|
10 | 11 | "strings"
|
@@ -268,13 +269,31 @@ func (j *Service) Set(w http.ResponseWriter, claims Claims) (Claims, error) {
|
268 | 269 | // This allows the OAuth flow to complete successfully
|
269 | 270 | needsCookies := claims.Handshake != nil
|
270 | 271 |
|
| 272 | + if needsCookies { |
| 273 | + log.Printf("[ERROR] OAuth handshake request from %s, will set cookie %s=%s", |
| 274 | + claims.Handshake.From, |
| 275 | + j.JWTCookieName, |
| 276 | + tokenString[:10]+"...") |
| 277 | + } |
| 278 | + |
271 | 279 | // Set the JWT in the header if requested,
|
272 | 280 | // skip setting cookies unless this is part of OAuth handshake
|
273 | 281 | if j.SendJWTHeader && !needsCookies {
|
| 282 | + log.Printf("[ERROR] Won't set cookie, will write claims to header instead: %v", claims) |
274 | 283 | w.Header().Set(j.JWTHeaderKey, tokenString)
|
| 284 | + // reset existing JWT cookies which we might have left after OAuth handshake |
| 285 | + jwtCookie := http.Cookie{Name: j.JWTCookieName, Value: "", HttpOnly: true, Path: "/", Domain: j.JWTCookieDomain, |
| 286 | + MaxAge: -1, Expires: time.Unix(0, 0), Secure: j.SecureCookies, SameSite: j.SameSite} |
| 287 | + http.SetCookie(w, &jwtCookie) |
| 288 | + |
| 289 | + xsrfCookie := http.Cookie{Name: j.XSRFCookieName, Value: "", HttpOnly: true, Path: "/", Domain: j.JWTCookieDomain, |
| 290 | + MaxAge: -1, Expires: time.Unix(0, 0), Secure: j.SecureCookies, SameSite: j.SameSite} |
| 291 | + http.SetCookie(w, &xsrfCookie) |
275 | 292 | return claims, nil
|
276 | 293 | }
|
277 | 294 |
|
| 295 | + log.Printf("[ERROR] Cookie setting: %v", claims) |
| 296 | + |
278 | 297 | cookieExpiration := 0 // session cookie
|
279 | 298 | if !claims.SessionOnly && claims.Handshake == nil {
|
280 | 299 | cookieExpiration = int(j.CookieDuration.Seconds())
|
@@ -359,11 +378,11 @@ func (j *Service) IsExpired(claims Claims) bool {
|
359 | 378 |
|
360 | 379 | // Reset token's cookies
|
361 | 380 | func (j *Service) Reset(w http.ResponseWriter) {
|
362 |
| - jwtCookie := http.Cookie{Name: j.JWTCookieName, Value: "", HttpOnly: false, Path: "/", Domain: j.JWTCookieDomain, |
| 381 | + jwtCookie := http.Cookie{Name: j.JWTCookieName, Value: "", HttpOnly: true, Path: "/", Domain: j.JWTCookieDomain, |
363 | 382 | MaxAge: -1, Expires: time.Unix(0, 0), Secure: j.SecureCookies, SameSite: j.SameSite}
|
364 | 383 | http.SetCookie(w, &jwtCookie)
|
365 | 384 |
|
366 |
| - xsrfCookie := http.Cookie{Name: j.XSRFCookieName, Value: "", HttpOnly: false, Path: "/", Domain: j.JWTCookieDomain, |
| 385 | + xsrfCookie := http.Cookie{Name: j.XSRFCookieName, Value: "", HttpOnly: true, Path: "/", Domain: j.JWTCookieDomain, |
367 | 386 | MaxAge: -1, Expires: time.Unix(0, 0), Secure: j.SecureCookies, SameSite: j.SameSite}
|
368 | 387 | http.SetCookie(w, &xsrfCookie)
|
369 | 388 |
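Review bot: The three `log.Printf` calls added to `Set` (new lines 273, 282 and 295) are tagged `[ERROR]` but fire on every ordinary token issue, and they push a JWT fragment (`tokenString[:10]`), the full `claims` value and `claims.Handshake.From` (presumably a caller-supplied return URL) into the log, where `%v` on a request-controlled string allows newline log injection and the slice panics if a token is ever shorter than 10 bytes. If the diagnostics are wanted, drop the token fragment and the `claims` dump, lower the level and quote the URL, e.g. `log.Printf("[DEBUG] oauth handshake from %q, setting cookie %s", claims.Handshake.From, j.JWTCookieName)`. The two deletion cookies built in the header branch (new lines 285-291) duplicate what `Reset` now emits with the same attributes, so `j.Reset(w)` at that point would keep the cookie attributes in one place and stop them drifting apart. `Reset`'s closing brace lies outside the second hunk.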
|
|