mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
parent
68ae17e4a4
commit
a6bd2c73a0
@ -113,6 +113,9 @@ cache_mode = private
|
|||||||
# Login cookie name
|
# Login cookie name
|
||||||
cookie_name = grafana_session
|
cookie_name = grafana_session
|
||||||
|
|
||||||
|
# Login cookie same site setting. defaults to `lax`. can be set to "lax", "strict" and "none"
|
||||||
|
cookie_samesite = lax
|
||||||
|
|
||||||
# How many days an session can be unused before we inactivate it
|
# How many days an session can be unused before we inactivate it
|
||||||
login_remember_days = 7
|
login_remember_days = 7
|
||||||
|
|
||||||
|
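Review bot: The new comment above `cookie_samesite` does not say that the value is matched exactly, or that anything unrecognised is replaced by lax. The lookup added to `Cfg.Load` on this page is a plain map lookup on "lax", "strict" and "none", so `Strict` or a typo silently yields the weaker Lax setting. I would word it as `# Login cookie SameSite setting: "lax" (default), "strict" or "none", lowercase only; any other value falls back to "lax"`. The same comment is added in the second ini hunk (above `;cookie_samesite = lax`) and needs the same wording.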
@ -109,6 +109,9 @@ log_queries =
|
|||||||
# Login cookie name
|
# Login cookie name
|
||||||
;cookie_name = grafana_session
|
;cookie_name = grafana_session
|
||||||
|
|
||||||
|
# Login cookie same site setting. defaults to `lax`. can be set to "lax", "strict" and "none"
|
||||||
|
;cookie_samesite = lax
|
||||||
|
|
||||||
# How many days an session can be unused before we inactivate it
|
# How many days an session can be unused before we inactivate it
|
||||||
;login_remember_days = 7
|
;login_remember_days = 7
|
||||||
|
|
||||||
|
@ -96,6 +96,7 @@ func (s *UserAuthTokenServiceImpl) writeSessionCookie(ctx *models.ReqContext, va
|
|||||||
Path: setting.AppSubUrl + "/",
|
Path: setting.AppSubUrl + "/",
|
||||||
Secure: s.Cfg.SecurityHTTPSCookies,
|
Secure: s.Cfg.SecurityHTTPSCookies,
|
||||||
MaxAge: maxAge,
|
MaxAge: maxAge,
|
||||||
|
SameSite: s.Cfg.LoginCookieSameSite,
|
||||||
}
|
}
|
||||||
|
|
||||||
http.SetCookie(ctx.Resp, &cookie)
|
http.SetCookie(ctx.Resp, &cookie)
|
||||||
|
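Review bot: `SameSite: s.Cfg.LoginCookieSameSite` relies on `Cfg.Load` having run, because on this page the field is assigned only there, and the zero value of `http.SameSite` makes net/http write no SameSite attribute at all. A `Cfg` built by hand (in tests, or by any caller that bypasses `Load`) would therefore issue the session cookie without the attribute. A comment on that line such as `// zero value (Cfg not loaded) emits no SameSite attribute` would make this visible, and a test asserting the attribute on the Set-Cookie header would pin it. writeSessionCookie begins above this hunk and continues past it, so the rest of the cookie literal is not visible here.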
@ -6,6 +6,7 @@ package setting
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
@ -227,6 +228,7 @@ type Cfg struct {
|
|||||||
LoginCookieMaxDays int
|
LoginCookieMaxDays int
|
||||||
LoginCookieRotation int
|
LoginCookieRotation int
|
||||||
LoginDeleteExpiredTokensAfterDays int
|
LoginDeleteExpiredTokensAfterDays int
|
||||||
|
LoginCookieSameSite http.SameSite
|
||||||
|
|
||||||
SecurityHTTPSCookies bool
|
SecurityHTTPSCookies bool
|
||||||
}
|
}
|
||||||
@ -557,6 +559,20 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
|
|||||||
cfg.LoginCookieName = login.Key("cookie_name").MustString("grafana_session")
|
cfg.LoginCookieName = login.Key("cookie_name").MustString("grafana_session")
|
||||||
cfg.LoginCookieMaxDays = login.Key("login_remember_days").MustInt(7)
|
cfg.LoginCookieMaxDays = login.Key("login_remember_days").MustInt(7)
|
||||||
cfg.LoginDeleteExpiredTokensAfterDays = login.Key("delete_expired_token_after_days").MustInt(30)
|
cfg.LoginDeleteExpiredTokensAfterDays = login.Key("delete_expired_token_after_days").MustInt(30)
|
||||||
|
|
||||||
|
samesiteString := login.Key("cookie_samesite").MustString("lax")
|
||||||
|
validSameSiteValues := map[string]http.SameSite{
|
||||||
|
"lax": http.SameSiteLaxMode,
|
||||||
|
"strict": http.SameSiteStrictMode,
|
||||||
|
"none": http.SameSiteDefaultMode,
|
||||||
|
}
|
||||||
|
|
||||||
|
if samesite, ok := validSameSiteValues[samesiteString]; ok {
|
||||||
|
cfg.LoginCookieSameSite = samesite
|
||||||
|
} else {
|
||||||
|
cfg.LoginCookieSameSite = http.SameSiteLaxMode
|
||||||
|
}
|
||||||
|
|
||||||
cfg.LoginCookieRotation = login.Key("rotate_token_minutes").MustInt(10)
|
cfg.LoginCookieRotation = login.Key("rotate_token_minutes").MustInt(10)
|
||||||
if cfg.LoginCookieRotation < 2 {
|
if cfg.LoginCookieRotation < 2 {
|
||||||
cfg.LoginCookieRotation = 2
|
cfg.LoginCookieRotation = 2
|
||||||
|
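Review bot: In `validSameSiteValues`, `"none"` maps to `http.SameSiteDefaultMode`, which is not a request for SameSite=None. What that mode writes to the Set-Cookie header is decided by net/http and has differed between Go releases, so an operator who picks "none" may get browser behaviour that the ini comment does not describe. I would document the entry, e.g. `"none": http.SameSiteDefaultMode, // not SameSite=None; emitted attribute depends on net/http`, or handle "none" as its own case. The `else` branch also downgrades any unrecognised value to Lax without a trace; logging the rejected value there with the package's existing logger would let an operator notice a mistyped `strict`. `Load` begins and ends outside this hunk.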