[nginx] Userid: userid_flags directive to set cookie flags.

Maxim Dounin mdounin at mdounin.ru
Mon Sep 28 14:09:12 UTC 2020

• Previous message (by thread): [nginx] Proxy: added the "proxy_cookie_flags" directive.
• Next message (by thread): [nginx] Resolver: improved error messages (ticket #2024).
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

details: https://hg.nginx.org/nginx/rev/e3e8b8234f05
branches: 
changeset: 7717:e3e8b8234f05
user: Maxim Dounin <mdounin at mdounin.ru>
date: Mon Sep 28 17:07:48 2020 +0300
description:
Userid: userid_flags directive to set cookie flags.
diffstat:
 src/http/modules/ngx_http_userid_filter_module.c | 72 ++++++++++++++++++++++++
 1 files changed, 72 insertions(+), 0 deletions(-)
diffs (130 lines):
diff -r d6a5e14aa3e4 -r e3e8b8234f05 src/http/modules/ngx_http_userid_filter_module.c
--- a/src/http/modules/ngx_http_userid_filter_module.c	Sun Sep 27 23:21:11 2020 +0300
+++ b/src/http/modules/ngx_http_userid_filter_module.c	Mon Sep 28 17:07:48 2020 +0300
@@ -15,12 +15,20 @@
 #define NGX_HTTP_USERID_V1 2
 #define NGX_HTTP_USERID_ON 3
 
+#define NGX_HTTP_USERID_COOKIE_SECURE 0x0001
+#define NGX_HTTP_USERID_COOKIE_HTTPONLY 0x0002
+#define NGX_HTTP_USERID_COOKIE_SAMESITE 0x0004
+#define NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT 0x0008
+#define NGX_HTTP_USERID_COOKIE_SAMESITE_LAX 0x0010
+#define NGX_HTTP_USERID_COOKIE_SAMESITE_NONE 0x0020
+
 /* 31 Dec 2037 23:55:55 GMT */
 #define NGX_HTTP_USERID_MAX_EXPIRES 2145916555
 
 
 typedef struct {
 ngx_uint_t enable;
+ ngx_uint_t flags;
 
 ngx_int_t service;
 
@@ -88,6 +96,19 @@ static ngx_conf_enum_t ngx_http_userid_
 };
 
 
+static ngx_conf_bitmask_t ngx_http_userid_flags[] = {
+ { ngx_string("secure"), NGX_HTTP_USERID_COOKIE_SECURE },
+ { ngx_string("httponly"), NGX_HTTP_USERID_COOKIE_HTTPONLY },
+ { ngx_string("samesite=strict"),
+ NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT },
+ { ngx_string("samesite=lax"),
+ NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_LAX },
+ { ngx_string("samesite=none"),
+ NGX_HTTP_USERID_COOKIE_SAMESITE|NGX_HTTP_USERID_COOKIE_SAMESITE_NONE },
+ { ngx_null_string, 0 }
+};
+
+
 static ngx_conf_post_handler_pt ngx_http_userid_domain_p =
 ngx_http_userid_domain;
 static ngx_conf_post_handler_pt ngx_http_userid_path_p = ngx_http_userid_path;
@@ -138,6 +159,13 @@ static ngx_command_t ngx_http_userid_co
 0,
 NULL },
 
+ { ngx_string("userid_flags"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE123,
+ ngx_conf_set_bitmask_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_userid_conf_t, flags),
+ &ngx_http_userid_flags },
+
 { ngx_string("userid_p3p"),
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
 ngx_conf_set_str_slot,
@@ -383,6 +411,26 @@ ngx_http_userid_set_uid(ngx_http_request
 len += conf->domain.len;
 }
 
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_SECURE) {
+ len += sizeof("; secure") - 1;
+ }
+
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_HTTPONLY) {
+ len += sizeof("; httponly") - 1;
+ }
+
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT) {
+ len += sizeof("; samesite=strict") - 1;
+ }
+
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_LAX) {
+ len += sizeof("; samesite=lax") - 1;
+ }
+
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_NONE) {
+ len += sizeof("; samesite=none") - 1;
+ }
+
 cookie = ngx_pnalloc(r->pool, len);
 if (cookie == NULL) {
 return NGX_ERROR;
@@ -422,6 +470,26 @@ ngx_http_userid_set_uid(ngx_http_request
 
 p = ngx_copy(p, conf->path.data, conf->path.len);
 
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_SECURE) {
+ p = ngx_cpymem(p, "; secure", sizeof("; secure") - 1);
+ }
+
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_HTTPONLY) {
+ p = ngx_cpymem(p, "; httponly", sizeof("; httponly") - 1);
+ }
+
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_STRICT) {
+ p = ngx_cpymem(p, "; samesite=strict", sizeof("; samesite=strict") - 1);
+ }
+
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_LAX) {
+ p = ngx_cpymem(p, "; samesite=lax", sizeof("; samesite=lax") - 1);
+ }
+
+ if (conf->flags & NGX_HTTP_USERID_COOKIE_SAMESITE_NONE) {
+ p = ngx_cpymem(p, "; samesite=none", sizeof("; samesite=none") - 1);
+ }
+
 set_cookie = ngx_list_push(&r->headers_out.headers);
 if (set_cookie == NULL) {
 return NGX_ERROR;
@@ -658,6 +726,7 @@ ngx_http_userid_create_conf(ngx_conf_t *
 /*
 * set by ngx_pcalloc():
 *
+ * conf->flags = 0;
 * conf->name = { 0, NULL };
 * conf->domain = { 0, NULL };
 * conf->path = { 0, NULL };
@@ -682,6 +751,9 @@ ngx_http_userid_merge_conf(ngx_conf_t *c
 ngx_conf_merge_uint_value(conf->enable, prev->enable,
 NGX_HTTP_USERID_OFF);
 
+ ngx_conf_merge_bitmask_value(conf->flags, prev->flags,
+ NGX_CONF_BITMASK_SET);
+
 ngx_conf_merge_str_value(conf->name, prev->name, "uid");
 ngx_conf_merge_str_value(conf->domain, prev->domain, "");
 ngx_conf_merge_str_value(conf->path, prev->path, "; path=/");

---

• Previous message (by thread): [nginx] Proxy: added the "proxy_cookie_flags" directive.
• Next message (by thread): [nginx] Resolver: improved error messages (ticket #2024).
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the nginx-devel mailing list