parent
db9db41bc8
commit
51b57dc0a5
|
@ -176,6 +176,17 @@ There can be up to 2 files:
|
||||||
|
|
||||||
Both files are machine readable text files.
|
Both files are machine readable text files.
|
||||||
|
|
||||||
|
### How can I disable the SameSite and Secure cookies?
|
||||||
|
|
||||||
|
Beginning with `v1.30.0`, when the Netdata Agent's web server processes a request, it delivers the `SameSite=none`
|
||||||
|
and `Secure` cookies. If you have problems accessing the local Agent dashboard or Netdata Cloud, disable these
|
||||||
|
cookies by [editing `netdata.conf`](/docs/configure/nodes.md#use-edit-config-to-edit-configuration-files):
|
||||||
|
|
||||||
|
```conf
|
||||||
|
[registry]
|
||||||
|
enable cookies SameSite and Secure = no
|
||||||
|
```
|
||||||
|
|
||||||
## The future
|
## The future
|
||||||
|
|
||||||
The registry opens a whole world of new possibilities for Netdata. Check here what we think:
|
The registry opens a whole world of new possibilities for Netdata. Check here what we think:
|
||||||
|
|
|
@ -23,7 +23,7 @@ static inline void registry_unlock(void) {
|
||||||
// COOKIES
|
// COOKIES
|
||||||
|
|
||||||
static void registry_set_cookie(struct web_client *w, const char *guid) {
|
static void registry_set_cookie(struct web_client *w, const char *guid) {
|
||||||
char edate[100];
|
char edate[100], domain[512];
|
||||||
time_t et = now_realtime_sec() + registry.persons_expiration;
|
time_t et = now_realtime_sec() + registry.persons_expiration;
|
||||||
struct tm etmbuf, *etm = gmtime_r(&et, &etmbuf);
|
struct tm etmbuf, *etm = gmtime_r(&et, &etmbuf);
|
||||||
strftime(edate, sizeof(edate), "%a, %d %b %Y %H:%M:%S %Z", etm);
|
strftime(edate, sizeof(edate), "%a, %d %b %Y %H:%M:%S %Z", etm);
|
||||||
|
@ -31,7 +31,22 @@ static void registry_set_cookie(struct web_client *w, const char *guid) {
|
||||||
snprintfz(w->cookie1, NETDATA_WEB_REQUEST_COOKIE_SIZE, NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s", guid, edate);
|
snprintfz(w->cookie1, NETDATA_WEB_REQUEST_COOKIE_SIZE, NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s", guid, edate);
|
||||||
|
|
||||||
if(registry.registry_domain && registry.registry_domain[0])
|
if(registry.registry_domain && registry.registry_domain[0])
|
||||||
snprintfz(w->cookie2, NETDATA_WEB_REQUEST_COOKIE_SIZE, NETDATA_REGISTRY_COOKIE_NAME "=%s; Domain=%s; Expires=%s", guid, registry.registry_domain, edate);
|
snprintfz(domain, 511, "Domain=%s", registry.registry_domain);
|
||||||
|
else
|
||||||
|
domain[0]='\0';
|
||||||
|
|
||||||
|
int length = snprintfz(w->cookie2, NETDATA_WEB_REQUEST_COOKIE_SIZE,
|
||||||
|
NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; %s",
|
||||||
|
guid, edate, domain);
|
||||||
|
|
||||||
|
size_t remaining_length = NETDATA_WEB_REQUEST_COOKIE_SIZE - length;
|
||||||
|
// 25 is the necessary length to add new cookies
|
||||||
|
if (registry.enable_cookies_samesite_secure) {
|
||||||
|
if (length > 0 && remaining_length > 25)
|
||||||
|
snprintfz(&w->cookie2[length], remaining_length, "; SameSite=None; Secure");
|
||||||
|
else
|
||||||
|
error("Netdata does not have enough space to store cookies SameSite and Secure");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void registry_set_person_cookie(struct web_client *w, REGISTRY_PERSON *p) {
|
static inline void registry_set_person_cookie(struct web_client *w, REGISTRY_PERSON *p) {
|
||||||
|
|
|
@ -39,6 +39,7 @@ int registry_init(void) {
|
||||||
registry.registry_to_announce = config_get(CONFIG_SECTION_REGISTRY, "registry to announce", "https://registry.my-netdata.io");
|
registry.registry_to_announce = config_get(CONFIG_SECTION_REGISTRY, "registry to announce", "https://registry.my-netdata.io");
|
||||||
registry.hostname = config_get(CONFIG_SECTION_REGISTRY, "registry hostname", netdata_configured_hostname);
|
registry.hostname = config_get(CONFIG_SECTION_REGISTRY, "registry hostname", netdata_configured_hostname);
|
||||||
registry.verify_cookies_redirects = config_get_boolean(CONFIG_SECTION_REGISTRY, "verify browser cookies support", 1);
|
registry.verify_cookies_redirects = config_get_boolean(CONFIG_SECTION_REGISTRY, "verify browser cookies support", 1);
|
||||||
|
registry.enable_cookies_samesite_secure = config_get_boolean(CONFIG_SECTION_REGISTRY, "enable cookies SameSite and Secure", 1);
|
||||||
|
|
||||||
registry_update_cloud_base_url();
|
registry_update_cloud_base_url();
|
||||||
setenv("NETDATA_REGISTRY_HOSTNAME", registry.hostname, 1);
|
setenv("NETDATA_REGISTRY_HOSTNAME", registry.hostname, 1);
|
||||||
|
|
|
@ -40,6 +40,7 @@ struct registry {
|
||||||
char *cloud_base_url;
|
char *cloud_base_url;
|
||||||
time_t persons_expiration; // seconds to expire idle persons
|
time_t persons_expiration; // seconds to expire idle persons
|
||||||
int verify_cookies_redirects;
|
int verify_cookies_redirects;
|
||||||
|
int enable_cookies_samesite_secure;
|
||||||
|
|
||||||
size_t max_url_length;
|
size_t max_url_length;
|
||||||
size_t max_name_length;
|
size_t max_name_length;
|
||||||
|
|
Loading…
Reference in New Issue