aboutsummaryrefslogtreecommitdiff
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs6
-rw-r--r--plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs2
2 files changed, 7 insertions, 1 deletions
diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs
index 180e30e..4c80eac 100644
--- a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs
+++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs
@@ -184,6 +184,12 @@ namespace VNLib.Plugins.Essentials.Accounts.SecurityProvider
[JsonPropertyName("strict_path")]
public bool VerifyPath { get; set; } = true;
+ /// <summary>
+ /// Enforce strict user-agent strings for authorized users
+ /// </summary>
+ [JsonPropertyName("strict_user_agent")]
+ public bool StrictUserAgent { get; set; } = true;
+
void IOnConfigValidation.Validate()
{
//Validate the current instance
diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs
index e20ec9f..d800e3e 100644
--- a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs
+++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs
@@ -120,7 +120,7 @@ namespace VNLib.Plugins.Essentials.Accounts.SecurityProvider
else if (ClientWebAuthManager.IsSessionElevated(in session))
{
//If the session stored a user-agent, make sure it matches the connection
- if (!string.Equals(session.UserAgent, entity.Server.UserAgent, StringComparison.Ordinal))
+ if (_config.StrictUserAgent && !string.Equals(session.UserAgent, entity.Server.UserAgent, StringComparison.Ordinal))
{
_logger.Debug("Denied authorized connection from {ip} because user-agent changed", entity.TrustedRemoteIp);
return ValueTask.FromResult(FileProcessArgs.Deny);
generated by cgit (git 2.46.0) at 2024-10-01 22:26:51 +0000