mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-21 06:20:05 -06:00
Code Issues Packages Projects Releases Wiki Activity

Attempt to request storage access for cookies (#25055) (#25063)

Browse Source 
Closes #23872

Signed-off-by: Jon Koops <jonkoops@gmail.com>
This commit is contained in:
Jon Koops
2023-11-29 06:28:49 +01:00
committed by GitHub
parent 02f91c4643
commit ad2be7469d
3 changed files with 41 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
js/libs/keycloak-js/src/keycloak.js
View File

@@ -201,7 +201,7 @@ function Keycloak (config) {
var ifrm = document.createElement("iframe");
var src = kc.createLoginUrl({prompt: 'none', redirectUri: kc.silentCheckSsoRedirectUri});
ifrm.setAttribute("src", src);
ifrm.setAttribute("sandbox", "allow-scripts allow-same-origin");
ifrm.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin");
ifrm.setAttribute("title", "keycloak-silent-check-sso");
ifrm.style.display = "none";
document.body.appendChild(ifrm);
@@ -1197,7 +1197,7 @@ function Keycloak (config) {
var src = kc.endpoints.checkSessionIframe();
iframe.setAttribute('src', src );
iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin');
iframe.setAttribute('sandbox', 'allow-storage-access-by-user-activation allow-scripts allow-same-origin');
iframe.setAttribute('title', 'keycloak-session-iframe' );
iframe.style.display = 'none';
document.body.appendChild(iframe);
@@ -1270,7 +1270,7 @@ function Keycloak (config) {
if (loginIframe.enable || kc.silentCheckSsoRedirectUri) {
var iframe = document.createElement('iframe');
iframe.setAttribute('src', kc.endpoints.thirdPartyCookiesIframe());
iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin');
iframe.setAttribute('sandbox', 'allow-storage-access-by-user-activation allow-scripts allow-same-origin');
iframe.setAttribute('title', 'keycloak-3p-check-iframe' );
iframe.style.display = 'none';
document.body.appendChild(iframe);

20
services/src/main/resources/org/keycloak/protocol/oidc/endpoints/3p-cookies-step1.html
View File

@@ -20,12 +20,30 @@
}
}
// See https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API/Using#checking_and_requesting_storage_access
async function hasStorageAccess() {
// Check if the Storage Access API is supported, if not, pretend we have access.
// This is for older browsers, where support can be determined using the test cookie.
if (!("hasStorageAccess" in document)) {
return true;
}
return document.hasStorageAccess();
// Check if we already have been granted storage access, if so, signal access.
if (await document.hasStorageAccess()) {
return true;
}
try {
// Attempt to request storage access without a user interaction.
// This might fail, and if it does an exception will be thrown.
await document.requestStorageAccess();
// If no exceptions are thrown, then signal access.
return true;
} catch (error) {
// If an exception is thrown, then signal no access.
return false;
}
}
function attemptWithTestCookie() {

20
services/src/main/resources/org/keycloak/protocol/oidc/endpoints/login-status-iframe.html
View File

@@ -72,12 +72,30 @@
return "error";
}
// See https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API/Using#checking_and_requesting_storage_access
async function hasStorageAccess() {
// Check if the Storage Access API is supported, if not, pretend we have access.
// This is for older browsers, where support can be determined using the test cookie.
if (!("hasStorageAccess" in document)) {
return true;
}
return document.hasStorageAccess();
// Check if we already have been granted storage access, if so, signal access.
if (await document.hasStorageAccess()) {
return true;
}
try {
// Attempt to request storage access without a user interaction.
// This might fail, and if it does an exception will be thrown.
await document.requestStorageAccess();
// If no exceptions are thrown, then signal access.
return true;
} catch (error) {
// If an exception is thrown, then signal no access.
return false;
}
}
function getSessionCookie() {