Spread the use of option SameSite to tracking cookies (crewjam#302)

atezet · Dec 14, 2020 · cc774ea · cc774ea
1 parent 60b9b0c
commit cc774ea
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/samlsp/new.go b/samlsp/new.go
@@ -115,6 +115,7 @@ func DefaultRequestTracker(opts Options, serviceProvider *saml.ServiceProvider)
 		NamePrefix:      "saml_",
 		Codec:           DefaultTrackedRequestCodec(opts),
 		MaxAge:          saml.MaxIssueDelay,
+		SameSite:        opts.CookieSameSite,
 	}
 }
 

diff --git a/samlsp/request_tracker_cookie.go b/samlsp/request_tracker_cookie.go
@@ -19,6 +19,7 @@ type CookieRequestTracker struct {
 	NamePrefix      string
 	Codec           TrackedRequestCodec
 	MaxAge          time.Duration
+	SameSite        http.SameSite
 }
 
 // TrackRequest starts tracking the SAML request with the given ID. It returns an
@@ -39,6 +40,7 @@ func (t CookieRequestTracker) TrackRequest(w http.ResponseWriter, r *http.Reques
 		Value:    signedTrackedRequest,
 		MaxAge:   int(t.MaxAge.Seconds()),
 		HttpOnly: true,
+		SameSite: t.SameSite,
 		Secure:   t.ServiceProvider.AcsURL.Scheme == "https",
 		Path:     t.ServiceProvider.AcsURL.Path,
 	})