feat: X domain console cookie
parent
ffa823e455
commit
611fbf6b32
4 changed files with 26 additions and 7 deletions
1
.env
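--- a/.env
+++ b/.env
@@ -4,6 +4,7 @@ _APP_WORKER_PER_CORE=6
 _APP_CONSOLE_WHITELIST_ROOT=disabled
 _APP_CONSOLE_WHITELIST_EMAILS=
 _APP_CONSOLE_WHITELIST_IPS=
+_APP_CONSOLE_ROOT_SESSION=disabled
 _APP_SYSTEM_EMAIL_NAME=Appwrite
 _APP_SYSTEM_EMAIL_ADDRESS=team@appwrite.io
 _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=security@appwrite.io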
@ -105,6 +105,15 @@ return [
|
||||||
'question' => '',
|
'question' => '',
|
||||||
'filter' => ''
|
'filter' => ''
|
||||||
],
|
],
|
||||||
|
[
|
||||||
|
'name' => '_APP_CONSOLE_ROOT_SESSION',
|
||||||
|
'description' => 'Domain policy for the Appwrite console session cookie. By default, set to \'disabled\', meaning the session cookie will be set to the domain of the Appwrite console (e.g. cloud.appwrite.io). When set to \'enabled\', the session cookie will be set to the registerable domain of the Appwrite server (e.g. appwrite.io).',
|
||||||
|
'introduction' => '',
|
||||||
|
'default' => 'disabled',
|
||||||
|
'required' => false,
|
||||||
|
'question' => '',
|
||||||
|
'filter' => ''
|
||||||
|
],
|
||||||
[
|
[
|
||||||
'name' => '_APP_SYSTEM_EMAIL_NAME',
|
'name' => '_APP_SYSTEM_EMAIL_NAME',
|
||||||
'description' => 'This is the sender name value that will appear on email messages sent to developers from the Appwrite console. The default value is: \'Appwrite\'. You can use url encoded strings for spaces and special chars.',
|
'description' => 'This is the sender name value that will appear on email messages sent to developers from the Appwrite console. The default value is: \'Appwrite\'. You can use url encoded strings for spaces and special chars.',
|
||||||
|
|
|
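Review bot: The `description` for `_APP_CONSOLE_ROOT_SESSION` says where the cookie is set but not what that means for exposure: with 'enabled', the console session cookie is sent to every host under the registerable domain, not only the console host. Operators should be told to enable it only when they control all of those subdomains, for example by appending `Enable this only if every subdomain of that domain is trusted, since each of them will receive the console session cookie.` The entry sits inside a `return [` list that begins outside this hunk.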
@ -175,13 +175,21 @@ App::init()
|
||||||
$endDomain->getRegisterable() !== ''
|
$endDomain->getRegisterable() !== ''
|
||||||
);
|
);
|
||||||
|
|
||||||
Config::setParam('cookieDomain', (
|
$isLocalHost = $request->getHostname() === 'localhost' || $request->getHostname() === 'localhost:' . $request->getPort();
|
||||||
$request->getHostname() === 'localhost' ||
|
$isIpAddress = filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false;
|
||||||
$request->getHostname() === 'localhost:' . $request->getPort() ||
|
|
||||||
(\filter_var($request->getHostname(), FILTER_VALIDATE_IP) !== false)
|
$isConsoleProject = $project->getAttribute('$id', '') === 'console';
|
||||||
)
|
$isConsoleRootSession = App::getEnv('_APP_CONSOLE_ROOT_SESSION', 'disabled') === 'enabled';
|
||||||
? null
|
|
||||||
: '.' . $request->getHostname());
|
Config::setParam(
|
||||||
|
'cookieDomain',
|
||||||
|
$isLocalHost || $isIpAddress
|
||||||
|
? null
|
||||||
|
: ($isConsoleProject && $isConsoleRootSession
|
||||||
|
? '.' . $selfDomain->getRegisterable()
|
||||||
|
: '.' . $request->getHostname()
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Response format
|
* Response format
|
||||||
|
|
|
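Review bot: The new `'.' . $selfDomain->getRegisterable()` branch is not guarded against an empty registerable domain, although the context line just above tests `$endDomain->getRegisterable() !== ''`, which suggests the call can return an empty string. In that case `cookieDomain` would become `'.'`, and browsers would presumably reject the console session cookie. Consider extending the condition to `$isConsoleProject && $isConsoleRootSession && $selfDomain->getRegisterable() !== ''` so the code falls back to `'.' . $request->getHostname()`. `$selfDomain` is defined outside this hunk, so confirm how it is derived; if the registerable domain turns out to be a suffix shared with hosts the operator does not control, the cookie would be scoped to those hosts as well.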
@ -100,6 +100,7 @@ services:
|
||||||
- _APP_CONSOLE_WHITELIST_ROOT
|
- _APP_CONSOLE_WHITELIST_ROOT
|
||||||
- _APP_CONSOLE_WHITELIST_EMAILS
|
- _APP_CONSOLE_WHITELIST_EMAILS
|
||||||
- _APP_CONSOLE_WHITELIST_IPS
|
- _APP_CONSOLE_WHITELIST_IPS
|
||||||
|
- _APP_CONSOLE_ROOT_SESSION
|
||||||
- _APP_SYSTEM_EMAIL_NAME
|
- _APP_SYSTEM_EMAIL_NAME
|
||||||
- _APP_SYSTEM_EMAIL_ADDRESS
|
- _APP_SYSTEM_EMAIL_ADDRESS
|
||||||
- _APP_SYSTEM_SECURITY_EMAIL_ADDRESS
|
- _APP_SYSTEM_SECURITY_EMAIL_ADDRESS
|
||||||
|
|