Created
September 13, 2021 12:45
-
-
Save tyree731/91d17391eb874e2b781997c930e05f88 to your computer and use it in GitHub Desktop.
Handling SameSite=None in openresty/Kong
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local ShouldSendSameSiteNone = {} | |
-------------------------------------------------------------------------------- | |
-- A Lua implementation of https://www.chromium.org/updates/same-site/incompatible-clients | |
-- Don�t send `SameSite=None` to known incompatible clients. | |
-- Lua pattern matching of the user-agent string. | |
local function isIosVersion(major, useragent) | |
local pattern = "%(iP.+; CPU .*OS (%d+)[%d_]*.*%) AppleWebKit/" | |
local version = string.match(useragent, pattern) | |
return version == tostring(major) | |
end | |
local function isMacosxVersion(major, minor, useragent) | |
local pattern = "%(Macintosh;.*Mac OS X (%d+)_(%d+)[_%d]*.*%) AppleWebKit/" | |
local _maj, _min = string.match(useragent, pattern) | |
return tostring(major) == _maj and tostring(minor) == _min | |
end | |
local function isMacEmbeddedBrowser(useragent) | |
local pattern = "^Mozilla/[%.%d]+ %(Macintosh;.*Mac OS X [_%d]+%) AppleWebKit/[%.%d]+ %(KHTML, like Gecko%)$" | |
return string.match(useragent, pattern) | |
end | |
local function isChromiumBased(useragent) | |
return string.match(useragent, "Chrome") or string.match(useragent, "Chromium") | |
end | |
local function isSafari(useragent) | |
local pattern = "Version/.* Safari/" | |
return string.match(useragent, pattern) and not isChromiumBased(useragent) | |
end | |
local function isChromiumVersionAtLeast(major, useragent) | |
local pattern = "Chrom[^ /]+/(%d+)[%.%d]* " | |
local _version = tonumber(string.match(useragent, pattern)) | |
if _version then | |
return _version >= major | |
else | |
return false | |
end | |
end | |
local function isUcBrowser(useragent) | |
local pattern = "UCBrowser/" | |
return string.match(useragent, pattern) | |
end | |
local function isUcBrowserVersionAtLeast(major, minor, build, useragent) | |
local pattern = "UCBrowser/(%d+)%.(%d+)%.(%d+)[%.%d]* " | |
local _major, _minor, _build = string.match(useragent, pattern) | |
if not _major or not _minor or not _build then | |
return false | |
end | |
if _major ~= tostring(major) then | |
return tonumber(_major) > major | |
end | |
if _minor ~= tostring(minor) then | |
return tonumber(_minor) > minor | |
end | |
return tonumber(_build) >= build | |
end | |
local function hasWebKitSameSiteBug(useragent) | |
return isIosVersion(12, useragent) or | |
(isMacosxVersion(10, 14, useragent) and | |
(isSafari(useragent) or isMacEmbeddedBrowser(useragent))) | |
end | |
local function dropsUnrecognizedSameSiteCookies(useragent) | |
if isUcBrowser(useragent) then | |
return not isUcBrowserVersionAtLeast(12, 13, 2, useragent) | |
end | |
return isChromiumBased(useragent) and not | |
isChromiumVersionAtLeast(67, useragent) | |
end | |
local function isSameSiteNoneIncompatible(useragent) | |
return hasWebKitSameSiteBug(useragent) or | |
dropsUnrecognizedSameSiteCookies(useragent) | |
end | |
function ShouldSendSameSiteNone.shouldSendSameSiteNone(useragent) | |
return not isSameSiteNoneIncompatible(useragent) | |
end | |
return ShouldSendSameSiteNone |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment