Skip to content
Snippets Groups Projects
Select Git revision
  • v2
  • Coscine/FederationAdaption default
  • gitkeep
  • dev protected
  • Sprint/2022-01
  • fixmerge
  • master
  • develop protected
  • dependabot/nuget/Samples/SampleMvcApplication/bootstrap-3.4.1
  • dependabot/nuget/Samples/SampleOwinApplication/bootstrap-3.4.1
  • v1
  • netcore-cookiemanager
  • limitingcookiemanager
  • owin-cookiemanager
  • owin-cookiemanger-changeinterface
  • excess-cookies
  • missing_nodes_exceptions
  • empty_ref_exception
  • fix_shared_options
  • csphashsupport
  • v2.7.0
  • v1.0.2
  • v2.6.0
  • v2.5.0
  • v1.0.1
  • v2.4.0
  • v2.3.0
  • v2.2.0
  • v2.1.0
  • v2.0.0
  • v1.0.0
  • v0.24.0
  • v0.23.0
  • v2.0.0-preview01
  • v0.22.0
  • v0.21.2
  • v0.21.1
  • v0.21.0
  • v0.20.0
  • v0.19.0
40 results

SameSiteHelper.cs

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    SameSiteHelper.cs 2.38 KiB 
    using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

namespace Sustainsys.Saml2
{
    /// <summary>
    /// Simple default implementation of detection of browsers/devices not compatible with
    /// the SameSite=None cookie attribute.
    /// Based on https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
    /// </summary>
    public static class SameSiteHelper
    {
        /// <summary>
        /// Should a SameSite=None cookie attribute be emitted?
        /// </summary>
        /// <param name="userAgent">User Agent string</param>
        /// <returns>True if SameSite=None should be emitted.</returns>
        public static bool EmitSameSiteNone(string userAgent)
        => !DisallowsSameSiteNone(userAgent);

        private static bool DisallowsSameSiteNone(string userAgent)
        {
            // Cover all iOS based browsers here. This includes:
            // - Safari on iOS 12 for iPhone, iPod Touch, iPad
            // - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
            // - Chrome on iOS 12 for iPhone, iPod Touch, iPad
            // All of which are broken by SameSite=None, because they use the iOS networking
            // stack.
            if (userAgent.Contains("CPU iPhone OS 12") ||
                userAgent.Contains("iPad; CPU OS 12"))
            {
                return true;
            }

            // Cover Mac OS X based browsers that use the Mac OS networking stack. 
            // This includes:
            // - Safari on Mac OS X.
            // This does not include:
            // - Chrome on Mac OS X
            // Because they do not use the Mac OS networking stack.
            if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
                userAgent.Contains("Version/") && userAgent.Contains("Safari"))
            {
                return true;
            }

            // Cover Chrome 50-69, because some versions are broken by SameSite=None, 
            // and none in this range require it.
            // Note: this covers some pre-Chromium Edge versions, 
            // but pre-Chromium Edge does not require SameSite=None.
            if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
            {
                return true;
            }

            return false;
        }
    }
}