bookstack

History

Dan Brown cdef1b3ab0 Updated SAML ACS post to retain user session Session was being lost due to the callback POST request cookies not being provided due to samesite=lax. This instead adds an additional hop in the flow to route the request via a GET request so the session is retained. SAML POST data is stored encrypted in cache via a unique ID then pulled out straight afterwards, and restored into POST for the SAML toolkit to validate. Updated testing to cover.	2021-10-20 13:34:00 +01:00
..
api.php	Build out core attachments API controller	2021-10-18 17:46:55 +01:00
web.php	Updated SAML ACS post to retain user session	2021-10-20 13:34:00 +01:00

Updated SAML ACS post to retain user session

Session was being lost due to the callback POST request cookies
not being provided due to samesite=lax. This instead adds an additional
hop in the flow to route the request via a GET request so the session is
retained. SAML POST data is stored encrypted in cache via a unique ID
then pulled out straight afterwards, and restored into POST for the SAML
toolkit to validate.

Updated testing to cover.

2021-10-20 13:34:00 +01:00

api.php

Build out core attachments API controller

2021-10-18 17:46:55 +01:00

web.php

Updated SAML ACS post to retain user session

2021-10-20 13:34:00 +01:00