Cookie same site none (#332)

* support SameSite=None #330 * Fix maxchunk test for same site-cookie --------- Co-authored-by: Ian MacDonald <[email protected]>
gogatekeeper · Sep 6, 2023 · 369558e · 369558e
1 parent c8404e7
commit 369558e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/pkg/keycloak/proxy/cookies.go b/pkg/keycloak/proxy/cookies.go
@@ -59,6 +59,8 @@ func (r *OauthProxy) DropCookie(wrt http.ResponseWriter, host, name, value strin
 		cookie.SameSite = http.SameSiteStrictMode
 	case constant.SameSiteLax:
 		cookie.SameSite = http.SameSiteLaxMode
+	case constant.SameSiteNone:
+		cookie.SameSite = http.SameSiteNoneMode
 	}
 
 	http.SetCookie(wrt, cookie)
@@ -87,6 +89,8 @@ func (r *OauthProxy) GetMaxCookieChunkLength(req *http.Request, cookieName strin
 		maxCookieChunkLength -= len("SameSite=Strict ")
 	case constant.SameSiteLax:
 		maxCookieChunkLength -= len("SameSite=Lax ")
+	case constant.SameSiteNone:
+		maxCookieChunkLength -= len("SameSite=None ")
 	}
 
 	if r.Config.SecureCookie {

diff --git a/pkg/testsuite/cookies_test.go b/pkg/testsuite/cookies_test.go
@@ -203,7 +203,7 @@ func TestSameSiteCookie(t *testing.T) {
 	proxy.DropCookie(resp, req.Host, "test-cookie", "test-value", 0)
 
 	assert.Equal(t, resp.Header().Get("Set-Cookie"),
-		"test-cookie=test-value; Path=/",
+		"test-cookie=test-value; Path=/; SameSite=None",
 		"we have not set the cookie, headers: %v", resp.Header())
 }
 
@@ -268,19 +268,19 @@ func TestGetMaxCookieChunkLength(t *testing.T) {
 	proxy.Config.SecureCookie = true
 	proxy.Config.SameSiteCookie = "Strict"
 	proxy.Config.CookieDomain = "1234567890"
-	assert.Equal(t, proxy.GetMaxCookieChunkLength(req, "1234567890"), 4017,
+	assert.Equal(t, 4017, proxy.GetMaxCookieChunkLength(req, "1234567890"),
 		"cookie chunk calculation is not correct")
 
 	proxy.Config.SameSiteCookie = "Lax"
-	assert.Equal(t, proxy.GetMaxCookieChunkLength(req, "1234567890"), 4020,
+	assert.Equal(t, 4020, proxy.GetMaxCookieChunkLength(req, "1234567890"),
 		"cookie chunk calculation is not correct")
 
 	proxy.Config.HTTPOnlyCookie = false
 	proxy.Config.EnableSessionCookies = false
 	proxy.Config.SecureCookie = false
 	proxy.Config.SameSiteCookie = "None"
 	proxy.Config.CookieDomain = ""
-	assert.Equal(t, proxy.GetMaxCookieChunkLength(req, ""), 4021,
+	assert.Equal(t, 4007, proxy.GetMaxCookieChunkLength(req, ""),
 		"cookie chunk calculation is not correct")
 }