Add path attribute to split cookies (#6298)

* Add "Path" attribute to "/" Without this the browser defaults to a path of the parent of the path in the request. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#pathpath-value This means the cookie isn't included in api requests since the path is too restrictive * Update tests with split cookie path attribute
4 months ago · ef75427403
parent 7d3c0b4732
commit ef75427403
3 changed files with 6 additions and 2 deletions
--- a/internal/daemon/controller/handler_test.go
+++ b/internal/daemon/controller/handler_test.go
@ -92,6 +92,8 @@ func TestAuthenticationHandler(t *testing.T) {
 	assert.NotEmpty(t, cookies[handlers.JsVisibleCookieName].Value)
 	assert.True(t, cookies[handlers.HttpOnlyCookieName].HttpOnly)
 	assert.False(t, cookies[handlers.JsVisibleCookieName].HttpOnly)
+	assert.Equal(t, cookies[handlers.HttpOnlyCookieName].Path, "/")
+	assert.Equal(t, cookies[handlers.JsVisibleCookieName].Path, "/")
 	tok = cookies[handlers.JsVisibleCookieName].Value

 	pubId = attrs["id"].(string)
--- a/internal/daemon/controller/handlers/outgoing_response_filter.go
+++ b/internal/daemon/controller/handlers/outgoing_response_filter.go
@ -114,11 +114,13 @@ func OutgoingResponseFilter(ctx context.Context, w http.ResponseWriter, m proto.
 				jsTok := http.Cookie{
 					Name:  JsVisibleCookieName,
 					Value: tok[:half],
+					Path:  "/",
 				}
 				httpTok := http.Cookie{
 					Name:     HttpOnlyCookieName,
 					Value:    tok[half:],
 					HttpOnly: true,
+					Path:     "/",
 				}
 				http.SetCookie(w, &jsTok)
 				http.SetCookie(w, &httpTok)
--- a/internal/daemon/controller/handlers/outgoing_response_filter_test.go
+++ b/internal/daemon/controller/handlers/outgoing_response_filter_test.go
@ -26,8 +26,8 @@ func TestOutgoingSplitCookie(t *testing.T) {
 	require.NoError(t, err)
 	require.NoError(t, OutgoingResponseFilter(context.Background(), rec, &pbs.AuthenticateResponse{Attrs: &pbs.AuthenticateResponse_Attributes{Attributes: attrs}, Type: "cookie"}))
 	assert.ElementsMatch(t, rec.Result().Cookies(), []*http.Cookie{
-		{Name: HttpOnlyCookieName, Value: "34567890", HttpOnly: true, Raw: "wt-http-token-cookie=34567890; HttpOnly"},
-		{Name: JsVisibleCookieName, Value: "t_abc_12", Raw: "wt-js-token-cookie=t_abc_12"},
+		{Name: HttpOnlyCookieName, Value: "34567890", HttpOnly: true, Path: "/", Raw: "wt-http-token-cookie=34567890; Path=/; HttpOnly"},
+		{Name: JsVisibleCookieName, Value: "t_abc_12", Path: "/", Raw: "wt-js-token-cookie=t_abc_12; Path=/"},
 	})
 }