
Commit 0f78922

feat(core): add cookie_domain config option
Signed-off-by: Samuel Bizien Filippi <[email protected]>
1 parent 91c94f1 commit 0f78922


4 files changed

+26
-10
lines changed


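--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -88,6 +88,14 @@
 '[2001:db8::1]'
 ],
 
+/**
+* The validity domain for cookies, for example '' (cookies will be sent only
+* the domain that defined it, e.g. 'demo.example.org'), 'demo.example.org'
+* (cookies will be valid for the domain and all subdomains), ...
+*
+* Defaults to '' (safe option)
+*/
+'cookie_domain' => '',
 
 /**
 * Where user files are stored. The SQLite database is also stored here, when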
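Review bot: The new doc comment for `cookie_domain` does not say what a wider value exposes, and its first example is missing a word ("sent only the domain" should read "sent only to the domain"). Once the option is set, the other files in this commit apply it to the PHP session cookie, the cookie built in CryptoWrapper and the `nc_username`/`nc_token`/`nc_session_id` cookies, so every host the value covers receives them. I would add a sentence such as `* Any host under the configured domain receives the session and remember-me cookies, so only set this when every such host is trusted.` The comment could also state that a value which does not match the host the instance is served from makes browsers reject the cookies, so logins stop working.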

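--- a/lib/base.php
+++ b/lib/base.php
@@ -398,6 +398,12 @@ public static function initSession(): void {
 $cookie_path = OC::$WEBROOT ? : '/';
 ini_set('session.cookie_path', $cookie_path);
 
+// set the cookie domain to the Nextcloud domain
+$cookie_domain = self::$config->getValue('cookie_domain', '');
+if ($cookie_domain) {
+ini_set('session.cookie_domain', $cookie_domain);
+}
+
 // Let the session name be changed in the initSession Hook
 $sessionName = OC_Util::getInstanceId();
 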
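Review bot: The value read with `getValue('cookie_domain', '')` reaches `ini_set('session.cookie_domain', ...)` after only a truthiness test, so a non-string entry in config.php (an array, `true`) is passed on unchecked; the same unchecked read is repeated in CryptoWrapper.php and twice in User/Session.php. A guard such as `if (is_string($cookie_domain) && $cookie_domain !== '') {` keeps a malformed setting out of the session cookie parameters. The added comment also misstates the behaviour, since the code applies whatever is configured and does nothing when the value is empty; `// apply cookie_domain from config; when empty the existing ini value is left untouched` would be more accurate. initSession() starts and ends outside this hunk.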

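--- a/lib/private/Session/CryptoWrapper.php
+++ b/lib/private/Session/CryptoWrapper.php
@@ -59,7 +59,7 @@ public function __construct(
 [
 'expires' => 0,
 'path' => $webRoot,
-'domain' => '',
+'domain' => $this->config->getSystemValue('cookie_domain', ''),
 'secure' => $secureCookie,
 'httponly' => true,
 'samesite' => 'Lax',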
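Review bot: The `'domain'` entry now widens the scope of the cookie this constructor sets, and nothing at the call site says so. Judging by the class name, this cookie carries the secret used to protect the session data (an inference, as the rest of the constructor is outside the hunk), which would make it the most sensitive cookie touched by this commit. A comment above the line, e.g. `// scoped by cookie_domain: every host under that domain receives this cookie`, would make the trade-off visible to the next reader. The line also relies on `$this->config` being assigned before this array is built, which the hunk does not show.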

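--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -968,14 +968,15 @@ public function setMagicInCookie($username, $token) {
 if ($webRoot === '') {
 $webRoot = '/';
 }
+$domain = $this->config->getSystemValue('cookie_domain', '');
 
 $maxAge = $this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
 \OC\Http\CookieHelper::setCookie(
 'nc_username',
 $username,
 $maxAge,
 $webRoot,
-'',
+$domain,
 $secureCookie,
 true,
 \OC\Http\CookieHelper::SAMESITE_LAX
@@ -985,7 +986,7 @@ public function setMagicInCookie($username, $token) {
 $token,
 $maxAge,
 $webRoot,
-'',
+$domain,
 $secureCookie,
 true,
 \OC\Http\CookieHelper::SAMESITE_LAX
@@ -996,7 +997,7 @@ public function setMagicInCookie($username, $token) {
 $this->session->getId(),
 $maxAge,
 $webRoot,
-'',
+$domain,
 $secureCookie,
 true,
 \OC\Http\CookieHelper::SAMESITE_LAX
@@ -1012,18 +1013,19 @@ public function setMagicInCookie($username, $token) {
 public function unsetMagicInCookie() {
 //TODO: DI for cookies and IRequest
 $secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
+$domain = $this->config->getSystemValue('cookie_domain', '');
 
 unset($_COOKIE['nc_username']); //TODO: DI
 unset($_COOKIE['nc_token']);
 unset($_COOKIE['nc_session_id']);
-setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
-setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
-setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
+setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
+setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, $domain, $secureCookie, true);
 // old cookies might be stored under /webroot/ instead of /webroot
 // and Firefox doesn't like it!
-setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
-setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
-setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
+setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
+setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', $domain, $secureCookie, true);
 }
 
 /**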
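Review bot: In unsetMagicInCookie() the six `setcookie()` calls now expire only the cookies scoped to the configured `$domain`, so remember-me cookies issued as host-only before `cookie_domain` was set are probably left in the browser after logout. Browsers generally store a host-only cookie and a Domain-scoped cookie of the same name as separate entries, so expiring one does not remove the other. When `$domain` is non-empty the host-only variant should be expired as well; the fence below does that with a loop over both paths and both scopes. Cookies issued under an earlier, different `cookie_domain` value cannot be cleared this way and would merit a line in the admin documentation. setMagicInCookie() starts outside the first hunk.

```php
public function unsetMagicInCookie() {
	// … unchanged: $secureCookie, $domain and the unset($_COOKIE[...]) lines …
	$expired = $this->timeFactory->getTime() - 3600;
	// Also expire the host-only variant: cookies issued before cookie_domain
	// was configured carry no Domain attribute.
	$domains = $domain === '' ? [''] : [$domain, ''];
	// old cookies might be stored under /webroot/ instead of /webroot
	foreach ([OC::$WEBROOT, OC::$WEBROOT . '/'] as $path) {
		foreach ($domains as $cookieDomain) {
			foreach (['nc_username', 'nc_token', 'nc_session_id'] as $name) {
				setcookie($name, '', $expired, $path, $cookieDomain, $secureCookie, true);
			}
		}
	}
```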
