fix(dashboard): conditionally restore __Host- cookie prefix (SEC-03)
Restore the __Host- browser guarantees for the default secure deployment without breaking plaintext/dev: - DashboardServiceCollectionExtensions PostConfigure now resolves the cookie name as: explicit MxGateway:Dashboard:CookieName override wins; else __Host-MxGatewayDashboard when SecurePolicy==Always (RequireHttpsCookie true); else the plain MxGatewayDashboard default. Guard: never apply the __Host- prefix without Secure (browsers silently drop it). - DashboardAuthenticationDefaults: add SecureCookieName const; keep the plain CookieName as the non-secure fallback. - Docs corrected to the actual conditional contract (five stale claims): gateway.md, GatewayProcessDesign.md, ImplementationPlanGateway.md, GatewayDashboardDesign.md, CLAUDE.md; GatewayConfiguration.md phrasing tightened. - Test: DashboardCookieOptionsTests asserts the name flips with RequireHttpsCookie and that an explicit override wins. Server build clean (0 warnings); Dashboard tests 149/149. Claude-Session: https://claude.ai/code/session_01DMXXvNuPekkkrTEyPNxEkW
This commit is contained in:
@@ -435,7 +435,11 @@ Implemented behavior:
|
||||
`ClaimTypes.Role` claims, alongside the per-group `mxgateway:ldap_group`
|
||||
claims;
|
||||
- a successful login signs in the `MxGateway.Dashboard` cookie scheme
|
||||
(`__Host-MxGatewayDashboard`, HttpOnly, SameSite=Strict, Secure);
|
||||
(HttpOnly, SameSite=Strict, Secure); the cookie is named
|
||||
`__Host-MxGatewayDashboard` when `MxGateway:Dashboard:RequireHttpsCookie` is
|
||||
true (default) and no `MxGateway:Dashboard:CookieName` override is set,
|
||||
otherwise the plain `MxGatewayDashboard` name is used (the `__Host-` prefix is
|
||||
only honoured on a Secure cookie);
|
||||
- a user with no matching group cannot sign in — the login screen returns the
|
||||
generic credential-rejected message;
|
||||
- antiforgery tokens guard the login and logout POSTs.
|
||||
|
||||
Reference in New Issue
Block a user