use named form for the Http Post binding
So that the CSP hash is unique to this form
explunit committed May 31, 2019
1 parent 3119979 commit 1f9e359
Showing 3 changed files with 13 additions and 13 deletions.
2 changes: 1 addition & 1 deletion Samples/SampleMvcApplication/Web.config
Expand Up @@ -138,7 +138,7 @@
<default-src self="true"/>
<script-src self="true" strictDynamic="true">
<!--the auto-posting javascript generated when HttpPost binding is in use-->
<add source="sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc="/>
<add source="sha256-H3SVZBYrbqBt3ncrT/nNmOb6nwCjC12cPQzh5jnW4Y0="/>
</script-src>
<style-src self="true" unsafeInline="false" />
<img-src self="true" />
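Review bot: The comment above the `<add source="sha256-…"/>` entry does not say that the value is the hash of the exact script text Saml2PostBinding emits, so an operator copying this sample has no cue that it must change when the library's script changes. I would extend it to `<!--sha256 of the auto-posting javascript emitted by Saml2PostBinding; must be updated whenever that script changes-->`. A stale value here would make the browser block the auto-post under this policy.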
6 changes: 3 additions & 3 deletions Sustainsys.Saml2/WebSSO/Saml2PostBinding.cs
Expand Up @@ -94,7 +94,7 @@ public override CommandResult Bind(ISaml2Message message, ILoggerAdapter logger)
""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
<html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
<head>
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc='"">
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-H3SVZBYrbqBt3ncrT/nNmOb6nwCjC12cPQzh5jnW4Y0='"">
</head>
<body>
<noscript>
Expand All @@ -103,7 +103,7 @@ public override CommandResult Bind(ISaml2Message message, ILoggerAdapter logger)
you must press the Continue button once to proceed.
</p>
</noscript>
<form action=""{0}"" method=""post"">
<form action=""{0}"" method=""post"" name=""sustainsysSamlPostBindingSubmit"">
<div>{1}
<input type=""hidden"" name=""{2}""
value=""{3}""/>
Expand All @@ -115,7 +115,7 @@ you must press the Continue button once to proceed.
</noscript>
</form>
<script type=""text/javascript"">
document.forms[0].submit();
document.forms.sustainsysSamlPostBindingSubmit.submit();
</script>
</body>
</html>";
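Review bot: The `sha256-…` value in the Content-Security-Policy meta tag is a hand-maintained literal that has to match the inline `<script>` body further down the same template exactly, and nothing in the visible lines ties the two together. If they drift, the browser refuses to run the auto-submit, and because scripting is still enabled the `<noscript>` Continue button is not rendered either, so the user is left on an empty page. I would add a comment above the template such as `// The sha256 in the meta tag is the hash of the inline script below; recompute it whenever the script text changes, whitespace included.` Since the value changes with this commit, any deployment that allow-lists the previous hash in its own policy (as the sample Web.config does) needs the new one, which seems worth a release note. The template and the rest of Bind lie outside the visible hunks.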
18 changes: 9 additions & 9 deletions Tests/Tests.Shared/WebSSO/Saml2PostBindingTests.cs
Expand Up @@ -134,7 +134,7 @@ public void Saml2PostBinding_Bind()
""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
<html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
<head>
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc='"">
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-H3SVZBYrbqBt3ncrT/nNmOb6nwCjC12cPQzh5jnW4Y0='"">
</head>
<body>
<noscript>
Expand All @@ -143,7 +143,7 @@ public void Saml2PostBinding_Bind()
you must press the Continue button once to proceed.
</p>
</noscript>
<form action=""http://www.example.com/acs"" method=""post"">
<form action=""http://www.example.com/acs"" method=""post"" name=""sustainsysSamlPostBindingSubmit"">
<div>
<input type=""hidden"" name=""SAMLMessageName""
value=""PHJvb3Q+PGNvbnRlbnQ+ZGF0YTwvY29udGVudD48L3Jvb3Q+""/>
Expand All @@ -155,7 +155,7 @@ you must press the Continue button once to proceed.
</noscript>
</form>
<script type=""text/javascript"">
document.forms[0].submit();
document.forms.sustainsysSamlPostBindingSubmit.submit();
</script>
</body>
</html>"
Expand Down Expand Up @@ -185,7 +185,7 @@ public void Saml2PostBinding_Bind_WithRelayState()
""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
<html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
<head>
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc='"">
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-H3SVZBYrbqBt3ncrT/nNmOb6nwCjC12cPQzh5jnW4Y0='"">
</head>
<body>
<noscript>
Expand All @@ -194,7 +194,7 @@ public void Saml2PostBinding_Bind_WithRelayState()
you must press the Continue button once to proceed.
</p>
</noscript>
<form action=""http://www.example.com/acs"" method=""post"">
<form action=""http://www.example.com/acs"" method=""post"" name=""sustainsysSamlPostBindingSubmit"">
<div>
<input type=""hidden"" name=""RelayState"" value=""ABC1234""/>
<input type=""hidden"" name=""SAMLMessageName""
Expand All @@ -207,7 +207,7 @@ you must press the Continue button once to proceed.
</noscript>
</form>
<script type=""text/javascript"">
document.forms[0].submit();
document.forms.sustainsysSamlPostBindingSubmit.submit();
</script>
</body>
</html>"
Expand Down Expand Up @@ -242,7 +242,7 @@ public void Saml2PostBinding_Bind_SignsXml()
""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
<html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
<head>
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc='"">
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-H3SVZBYrbqBt3ncrT/nNmOb6nwCjC12cPQzh5jnW4Y0='"">
</head>
<body>
<noscript>
Expand All @@ -251,7 +251,7 @@ public void Saml2PostBinding_Bind_SignsXml()
you must press the Continue button once to proceed.
</p>
</noscript>
<form action=""http://www.example.com/acs"" method=""post"">
<form action=""http://www.example.com/acs"" method=""post"" name=""sustainsysSamlPostBindingSubmit"">
<div>
<input type=""hidden"" name=""RelayState"" value=""ABC1234""/>
<input type=""hidden"" name=""SAMLMessageName""
Expand All @@ -264,7 +264,7 @@ you must press the Continue button once to proceed.
</noscript>
</form>
<script type=""text/javascript"">
document.forms[0].submit();
document.forms.sustainsysSamlPostBindingSubmit.submit();
</script>
</body>
</html>"
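Review bot: The expected strings in Saml2PostBinding_Bind, Saml2PostBinding_Bind_WithRelayState and Saml2PostBinding_Bind_SignsXml repeat the hash literal from the production template, so they pass whenever the two copies agree even if the hash no longer matches the script. A test that extracts the `<script>` body from the generated page and compares `Convert.ToBase64String(SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(scriptBody)))` with the value inside `'sha256-…'` would catch that drift. Line endings in the extracted body would probably need normalising to LF first, since that is presumably what the browser hashes; confirm against a real browser. The test method bodies start and end outside the visible hunks.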
