Sync changes

Tratcher · Tratcher · commit 0c884118399d · 2019-10-08T14:53:19.000-07:00
diff --git a/src/Http/Headers/src/SetCookieHeaderValue.cs b/src/Http/Headers/src/SetCookieHeaderValue.cs
@@ -166,9 +166,9 @@ public override string ToString()
                 length += SeparatorToken.Length + HttpOnlyToken.Length;
             }
 
-            return string.Create(length, (this, maxAge), (span, tuple) =>
+            return string.Create(length, (this, maxAge, sameSite), (span, tuple) =>
             {
-                var (headerValue, maxAgeValue) = tuple;
+                var (headerValue, maxAgeValue, sameSite) = tuple;
 
                 Append(ref span, headerValue._name);
                 Append(ref span, EqualsToken);
diff --git a/src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -14,7 +14,9 @@
     <Reference Include="Microsoft.AspNetCore" />
     <Reference Include="Microsoft.AspNetCore.Authentication.Cookies" />
     <Reference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" />
+    <Reference Include="Microsoft.AspNetCore.CookiePolicy" />
     <Reference Include="Microsoft.Extensions.FileProviders.Embedded" />
+    <Reference Include="Microsoft.Net.Http.Headers" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/Startup.cs b/src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/Startup.cs
@@ -32,10 +32,33 @@ public Startup(IConfiguration config, IWebHostEnvironment env)
         public IConfiguration Configuration { get; set; }
         public IWebHostEnvironment Environment { get; }
 
+        private void CheckSameSite(HttpContext httpContext, CookieOptions options)
+        {
+            if (options.SameSite > (SameSiteMode)(-1))
+            {
+                var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
+                // TODO: Use your User Agent library of choice here.
+                if (userAgent.Contains("CPU iPhone OS 12") // Also covers iPod touch
+                    || userAgent.Contains("iPad; CPU OS 12")
+                    // Safari 12 and 13 are both broken on Mojave
+                    || userAgent.Contains("Macintosh; Intel Mac OS X 10_14"))
+                {
+                    options.SameSite = (SameSiteMode)(-1);
+                }
+            }
+        }
+
         public void ConfigureServices(IServiceCollection services)
         {
             JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
 
+            services.Configure<CookiePolicyOptions>(options =>
+            {
+                options.MinimumSameSitePolicy = (SameSiteMode)(-1);
+                options.OnAppendCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
+                options.OnDeleteCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
+            });
+
             services.AddAuthentication(sharedOptions =>
             {
                 sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
@@ -84,6 +107,7 @@ public void ConfigureServices(IServiceCollection services)
         public void Configure(IApplicationBuilder app, IOptionsMonitor<OpenIdConnectOptions> optionsMonitor)
         {
             app.UseDeveloperExceptionPage();
+            app.UseCookiePolicy(); // Before UseAuthentication or anything else that writes cookies.
             app.UseAuthentication();
 
             app.Run(async context =>
diff --git a/src/Security/Authentication/test/Microsoft.AspNetCore.Authentication.Test.csproj b/src/Security/Authentication/test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -49,6 +49,7 @@
     <Reference Include="Microsoft.AspNetCore.Authentication.WsFederation" />
     <Reference Include="Microsoft.AspNetCore.HttpOverrides" />
     <Reference Include="Microsoft.AspNetCore.TestHost" />
+    <Reference Include="Microsoft.Net.Http.Headers" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Security/CookiePolicy/test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/src/Security/CookiePolicy/test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -13,6 +13,7 @@
     <Reference Include="Microsoft.AspNetCore.CookiePolicy" />
     <Reference Include="Microsoft.AspNetCore.TestHost" />
     <Reference Include="Microsoft.Extensions.DependencyInjection" />
+    <Reference Include="Microsoft.Net.Http.Headers" />
   </ItemGroup>
 
 </Project>

Original file line number	Diff line number	Diff line change
`@@ -166,9 +166,9 @@ public override string ToString()`
`166`	`166`	`length += SeparatorToken.Length + HttpOnlyToken.Length;`
`167`	`167`	`}`
`168`	`168`
`169`		`- return string.Create(length, (this, maxAge), (span, tuple) =>`
	`169`	`+ return string.Create(length, (this, maxAge, sameSite), (span, tuple) =>`
`170`	`170`	`{`
`171`		`- var (headerValue, maxAgeValue) = tuple;`
	`171`	`+ var (headerValue, maxAgeValue, sameSite) = tuple;`
`172`	`172`
`173`	`173`	`Append(ref span, headerValue._name);`
`174`	`174`	`Append(ref span, EqualsToken);`