cookie_domain config option for setting cookie on a wider domain

[SBizienFilippiPEReN]

Summary

Adds a cookie_domain option to define to which domain(s) the cookies sent by Nextcloud are valid. By default, it is set to '' which is the safe option (i.e. the browser is instructed to send the cookie only for request to the exact same domain that issued it).

But when your instance is accessible over 2 domains, for example 'mycloud.mydomain.example' and 'sub.mycloud.mydomain.example', setting cookie_domain to 'mycloud.mydomain.example' will make the cookie valid for mycloud.mydomain.example and any subdomain (but not for mydomain.example).

Documentation : MDN / Cookies / Define where cookies are sent.

TODO

I've updated config.sample.php, but it's not clear where should this functionality should be documented.

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included : not clear if applicable
• Screenshots before/after for front-end changes (n.a.)
• Documentation (manuals or wiki) has been updated or is not required
• Backports not requested where applicable (ex: critical bugfixes)

[icewind1991]

Looks good otherwise

[icewind1991]

might be worth only doing this if the value is set to anything but '' to prevent overwriting any value set by the admin in the php configuration

[SBizienFilippiPEReN]

Fixed. (I amended and force-pushed the new commit : do you prefer individual fix commits for review before a final squash for merge ?)

[SBizienFilippiPEReN]

I also wondered if / how this option would be enforced for nextcloud apps. I don't know the codebase, so I can't tell if they will automatically pick this option for apps-defined cookies.

[icewind1991]

Apps should generally not be doing their own cookie logic

[come-nc]

Please use typed version of the getter when possble (not possible in base.php as it’s not the same config class in use)

[come-nc]

Suggested change

	'domain' => $this->config->getSystemValue('cookie_domain', ''),
	'domain' => $this->config->getSystemValueString('cookie_domain'),

[SBizienFilippiPEReN]

Fixed in last commit.

[come-nc]

Suggested change

	$domain = $this->config->getSystemValue('cookie_domain', '');
	$domain = $this->config->getSystemValueString('cookie_domain');

[SBizienFilippiPEReN]

Fixed.

[come-nc]

Suggested change

	$domain = $this->config->getSystemValue('cookie_domain', '');
	$domain = $this->config->getSystemValueString('cookie_domain');

[SBizienFilippiPEReN]

Fixed.

[come-nc]

github is misbehaving or you forgot to push, but I do not see the update?

[SBizienFilippiPEReN]

Indeed : I forgot to push the changes. Now, it's fixed (at least, I see the fix in github, too).

[come-nc]

As you can see in psalm output, there is no config property in this class.

So you need to either inject it in the constructor, or directly pull it here:

Suggested change

	'domain' => $this->config->getSystemValueString('cookie_domain'),
	'domain' => \OCP\Server::get(\OCP\IConfig::class)->getSystemValueString('cookie_domain'),

[SBizienFilippiPEReN]

OK! Included.

[github-actions]

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)