From 34902c086d1707707b806864363cfaee317213e2 Mon Sep 17 00:00:00 2001 From: vnugent Date: Sun, 28 Jul 2024 19:34:23 -0400 Subject: Squashed commit of the following: commit a1ee522f7f5f0ab3cd268b0f42223700dd4d9dc8 Author: vnugent Date: Thu Jul 4 23:57:14 2024 -0400 analyzer pass commit d650bac961dc927cd9b1b35816dab6e48c744ef9 Author: vnugent Date: Fri Jun 21 17:07:54 2024 -0400 config validation updates commit 166e4b771f6f95c5093cf064ab47190bc2b33646 Merge: 4c973bb f2dedde Author: vnugent Date: Wed May 22 15:33:54 2024 -0400 Merge branch 'master' into develop commit 4c973bb81d8cff22a77eb082611746713390c99b Author: vnugent Date: Sun May 19 11:41:55 2024 -0400 feat: Update to follow latest core features commit 7118b66c4f2655db01fd061e43f5214d0dd891e8 Author: vnugent Date: Thu May 2 15:47:22 2024 -0400 refactor: Moved session security middleware commit 97722f178f5e5107fcbdd1df4944a818fedf8722 Merge: f70c94e 84f81db Author: vnugent Date: Sat Apr 20 12:13:23 2024 -0400 Merge branch 'master' into develop commit f70c94e948aa41e90d99f187d8a4791a726bc681 Author: vnugent Date: Sat Apr 20 00:48:49 2024 -0400 fix: Missing session detach flag on close commit 2a2078b8cc3dd216c46419bce7577ae572317955 Author: vnugent Date: Mon Apr 15 16:22:38 2024 -0400 fix: fixed bearer token header requirments from crashing --- .../src/Security/WebSessionSecMiddleware.cs | 24 +--------------------- 1 file changed, 1 insertion(+), 23 deletions(-) (limited to 'plugins/SessionProvider/src') diff --git a/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs b/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs index 6a21ded..e8578a8 100644 --- a/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs +++ b/plugins/SessionProvider/src/Security/WebSessionSecMiddleware.cs @@ -48,7 +48,6 @@ namespace VNLib.Plugins.Essentials.Sessions if (session.IsSet) { - /* * Check if the session was established over a secure connection, * and if the current connection is insecure, redirect them to a @@ -72,25 +71,6 @@ namespace VNLib.Plugins.Essentials.Sessions //If session is not new, then verify it matches stored credentials if (!session.IsNew && session.SessionType == SessionType.Web) { - /* - * When sessions are created for connections that come from a different - * origin, their origin is stored for later. - * - * If the session was created from a different origin or the current connection - * is cross origin, then the origin must match the stored origin. - */ - - if (_secConfig.EnforceStrictCors) - { - if ((entity.Server.CrossOrigin || session.CrossOrigin) - && !session.CrossOriginMatch - && entity.Server.Origin != null) - { - _log.Debug("Denied connection from {0} due to cross-origin session mismatch.", entity.TrustedRemoteIp); - return ValueTask.FromResult(FileProcessArgs.Deny); - } - } - if (_secConfig.EnfoceStrictTlsProtocol) { //Try to prevent security downgrade attacks @@ -105,11 +85,9 @@ namespace VNLib.Plugins.Essentials.Sessions return ValueTask.FromResult(FileProcessArgs.Continue); } - + sealed class SecConfig { - [JsonPropertyName("strict_cors")] - public bool EnforceStrictCors { get; set; } = true; [JsonPropertyName("strict_tls_protocol")] public bool EnfoceStrictTlsProtocol { get; set; } = true; -- cgit