Skip to content
Snippets Groups Projects
Select Git revision
  • v2
  • Coscine/FederationAdaption default
  • gitkeep
  • dev protected
  • Sprint/2022-01
  • fixmerge
  • master
  • develop protected
  • dependabot/nuget/Samples/SampleMvcApplication/bootstrap-3.4.1
  • dependabot/nuget/Samples/SampleOwinApplication/bootstrap-3.4.1
  • v1
  • netcore-cookiemanager
  • limitingcookiemanager
  • owin-cookiemanager
  • owin-cookiemanger-changeinterface
  • excess-cookies
  • missing_nodes_exceptions
  • empty_ref_exception
  • fix_shared_options
  • csphashsupport
  • v2.7.0
  • v1.0.2
  • v2.6.0
  • v2.5.0
  • v1.0.1
  • v2.4.0
  • v2.3.0
  • v2.2.0
  • v2.1.0
  • v2.0.0
  • v1.0.0
  • v0.24.0
  • v0.23.0
  • v2.0.0-preview01
  • v0.22.0
  • v0.21.2
  • v0.21.1
  • v0.21.0
  • v0.20.0
  • v0.19.0
40 results

SameSiteHelper.cs

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    SameSiteHelper.cs 2.38 KiB
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Text.RegularExpressions;
    using System.Threading.Tasks;
    
    namespace Sustainsys.Saml2
    {
        /// <summary>
        /// Simple default implementation of detection of browsers/devices not compatible with
        /// the SameSite=None cookie attribute.
        /// Based on https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
        /// </summary>
        public static class SameSiteHelper
        {
            /// <summary>
            /// Should a SameSite=None cookie attribute be emitted?
            /// </summary>
            /// <param name="userAgent">User Agent string</param>
            /// <returns>True if SameSite=None should be emitted.</returns>
            public static bool EmitSameSiteNone(string userAgent)
            => !DisallowsSameSiteNone(userAgent);
    
            private static bool DisallowsSameSiteNone(string userAgent)
            {
                // Cover all iOS based browsers here. This includes:
                // - Safari on iOS 12 for iPhone, iPod Touch, iPad
                // - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
                // - Chrome on iOS 12 for iPhone, iPod Touch, iPad
                // All of which are broken by SameSite=None, because they use the iOS networking
                // stack.
                if (userAgent.Contains("CPU iPhone OS 12") ||
                    userAgent.Contains("iPad; CPU OS 12"))
                {
                    return true;
                }
    
                // Cover Mac OS X based browsers that use the Mac OS networking stack. 
                // This includes:
                // - Safari on Mac OS X.
                // This does not include:
                // - Chrome on Mac OS X
                // Because they do not use the Mac OS networking stack.
                if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
                    userAgent.Contains("Version/") && userAgent.Contains("Safari"))
                {
                    return true;
                }
    
                // Cover Chrome 50-69, because some versions are broken by SameSite=None, 
                // and none in this range require it.
                // Note: this covers some pre-Chromium Edge versions, 
                // but pre-Chromium Edge does not require SameSite=None.
                if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
                {
                    return true;
                }
    
                return false;
            }
        }
    }