Merge branch 'master' into jmprieur/removingUis

jmprieur · web-flow · commit 00e7c8c313ec · 2020-02-17T17:37:31.000-08:00
diff --git a/.gitignore b/.gitignore
@@ -12,6 +12,8 @@
 /Microsoft.Identity.Web.UI/bin
 /Microsoft.Identity.Web.UI/obj
 /Microsoft.Identity.Web.Test/.vs
+/Microsoft.Identity.Web.UI/bin
+/Microsoft.Identity.Web.UI/obj
 /Microsoft.Identity.Web.Test/bin
 /Microsoft.Identity.Web.Test/obj
 /1-WebApp-OIDC/1-1-MyOrg/.vs
@@ -117,7 +119,6 @@
 /4-WebApp-your-API/Client/obj
 /2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/bin
 /2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph/obj
-/Microsoft.Identity.Web.Test/obj
 /4-WebApp-your-API/4-1-MyOrg/.vs
 /4-WebApp-your-API/4-1-MyOrg/Client/bin
 /4-WebApp-your-API/4-1-MyOrg/Client/obj
diff --git a/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -57,6 +57,6 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.1" />
     <PackageReference Include="Microsoft.AspNetCore.DataProtection.Abstractions" Version="3.1.1" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.1.1" />
-    <PackageReference Include="Microsoft.Identity.Client" Version="4.8.1" />
+    <PackageReference Include="Microsoft.Identity.Client" Version="4.8.2" />
   </ItemGroup>
 </Project>
diff --git a/Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs b/Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs
@@ -308,5 +308,50 @@ public static AuthenticationBuilder AddSignIn(
 
             return builder;
         }
+      
+
+        // Method taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
+        public static bool DisallowsSameSiteNone(string userAgent)
+        {
+            if (string.IsNullOrEmpty(userAgent))
+            {
+                return false;
+            }
+
+            // Cover all iOS based browsers here. This includes:
+            // - Safari on iOS 12 for iPhone, iPod Touch, iPad
+            // - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
+            // - Chrome on iOS 12 for iPhone, iPod Touch, iPad
+            // All of which are broken by SameSite=None, because they use the iOS networking
+            // stack.
+            if (userAgent.Contains("CPU iPhone OS 12") ||
+                userAgent.Contains("iPad; CPU OS 12"))
+            {
+                return true;
+            }
+
+            // Cover Mac OS X based browsers that use the Mac OS networking stack. 
+            // This includes:
+            // - Safari on Mac OS X.
+            // This does not include:
+            // - Chrome on Mac OS X
+            // Because they do not use the Mac OS networking stack.
+            if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
+                userAgent.Contains("Version/") && userAgent.Contains("Safari"))
+            {
+                return true;
+            }
+
+            // Cover Chrome 50-69, because some versions are broken by SameSite=None, 
+            // and none in this range require it.
+            // Note: this covers some pre-Chromium Edge versions, 
+            // but pre-Chromium Edge does not require SameSite=None.
+            if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
+            {
+                return true;
+            }
+          
+            return false;
+        }
     }
 }
