diff options
author | vnugent <public@vaughnnugent.com> | 2024-07-28 19:34:23 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2024-07-28 19:34:23 -0400 |
commit | 34902c086d1707707b806864363cfaee317213e2 (patch) | |
tree | eb2afb63a5400cad9a88ae5c3209bd0ab335ec24 /plugins/SessionProvider | |
parent | f2dedded2a8646273c4dd13013b8334d64e02d6f (diff) |
commit a1ee522f7f5f0ab3cd268b0f42223700dd4d9dc8
Author: vnugent <public@vaughnnugent.com>
Date: Thu Jul 4 23:57:14 2024 -0400
analyzer pass
commit d650bac961dc927cd9b1b35816dab6e48c744ef9
Author: vnugent <public@vaughnnugent.com>
Date: Fri Jun 21 17:07:54 2024 -0400
config validation updates
commit 166e4b771f6f95c5093cf064ab47190bc2b33646
Merge: 4c973bb f2dedde
Author: vnugent <public@vaughnnugent.com>
Date: Wed May 22 15:33:54 2024 -0400
Merge branch 'master' into develop
commit 4c973bb81d8cff22a77eb082611746713390c99b
Author: vnugent <public@vaughnnugent.com>
Date: Sun May 19 11:41:55 2024 -0400
feat: Update to follow latest core features
commit 7118b66c4f2655db01fd061e43f5214d0dd891e8
Author: vnugent <public@vaughnnugent.com>
Date: Thu May 2 15:47:22 2024 -0400
refactor: Moved session security middleware
commit 97722f178f5e5107fcbdd1df4944a818fedf8722
Merge: f70c94e 84f81db
Author: vnugent <public@vaughnnugent.com>
Date: Sat Apr 20 12:13:23 2024 -0400
Merge branch 'master' into develop
commit f70c94e948aa41e90d99f187d8a4791a726bc681
Author: vnugent <public@vaughnnugent.com>
Date: Sat Apr 20 00:48:49 2024 -0400
fix: Missing session detach flag on close
commit 2a2078b8cc3dd216c46419bce7577ae572317955
Author: vnugent <public@vaughnnugent.com>
Date: Mon Apr 15 16:22:38 2024 -0400
fix: fixed bearer token header requirments from crashing
Diffstat (limited to 'plugins/SessionProvider')
-rw-r--r-- | plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs | 24 |
1 files changed, 1 insertions, 23 deletions
diff --git a/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs b/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs index 6a21ded..e8578a8 100644 --- a/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs +++ b/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs @@ -48,7 +48,6 @@ namespace VNLib.Plugins.Essentials.Sessions if (session.IsSet) { - /* * Check if the session was established over a secure connection, * and if the current connection is insecure, redirect them to a @@ -72,25 +71,6 @@ namespace VNLib.Plugins.Essentials.Sessions //If session is not new, then verify it matches stored credentials if (!session.IsNew && session.SessionType == SessionType.Web) { - /* - * When sessions are created for connections that come from a different - * origin, their origin is stored for later. - * - * If the session was created from a different origin or the current connection - * is cross origin, then the origin must match the stored origin. - */ - - if (_secConfig.EnforceStrictCors) - { - if ((entity.Server.CrossOrigin || session.CrossOrigin) - && !session.CrossOriginMatch - && entity.Server.Origin != null) - { - _log.Debug("Denied connection from {0} due to cross-origin session mismatch.", entity.TrustedRemoteIp); - return ValueTask.FromResult(FileProcessArgs.Deny); - } - } - if (_secConfig.EnfoceStrictTlsProtocol) { //Try to prevent security downgrade attacks @@ -105,11 +85,9 @@ namespace VNLib.Plugins.Essentials.Sessions return ValueTask.FromResult(FileProcessArgs.Continue); } - + sealed class SecConfig { - [JsonPropertyName("strict_cors")] - public bool EnforceStrictCors { get; set; } = true; [JsonPropertyName("strict_tls_protocol")] public bool EnfoceStrictTlsProtocol { get; set; } = true; |