KEYCLOAK-2828: LoginStatusIframeEndpoint now sets the P3P header.

IE requires a P3P header to be present in <iframe /> response. Otherwise cookies are forbidden. The value of the header does not seem to matter.
2016-04-15 15:48:56 +03:00 · 2016-04-15 15:48:56 +03:00 · cd1094c3ad
commit cd1094c3ad
parent 069d362778
2 changed files with 30 additions and 2 deletions
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
@ -17,13 +17,19 @@
 package org.keycloak.protocol.oidc.endpoints;
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.keycloak.Config;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.utils.RedirectUtils;
 import org.keycloak.common.util.StreamUtil;
 import org.keycloak.common.util.UriUtils;
 import org.keycloak.saml.common.util.StringUtil;
 import org.keycloak.services.validation.Validation;
 import org.keycloak.theme.Theme;
 import org.keycloak.theme.ThemeProvider;
 import javax.ws.rs.GET;
 import javax.ws.rs.Produces;
@ -41,10 +47,14 @@ import java.io.InputStream;
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
 */
 public class LoginStatusIframeEndpoint {
    private static final Logger logger = Logger.getLogger(LoginStatusIframeEndpoint.class);
    @Context
    private UriInfo uriInfo;
    @Context
    protected KeycloakSession session;
    private RealmModel realm;
    public LoginStatusIframeEndpoint(RealmModel realm) {
@ -95,15 +105,32 @@ public class LoginStatusIframeEndpoint {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        ThemeProvider themeProvider = session.getProvider(ThemeProvider.class, "extending");
        Theme theme;
        try {
            theme = themeProvider.getTheme(realm.getLoginTheme(), Theme.Type.LOGIN);
        } catch (IOException e) {
            logger.error("Failed to create theme", e);
            return Response.serverError().build();
        }
        try {
            String file = StreamUtil.readString(is);
            file = file.replace("ORIGIN", origin);
            Response.ResponseBuilder response = Response.ok(file);
            String p3pValue = theme.getProperties().getProperty("sessionIframeP3P");
            if (!Validation.isBlank(p3pValue)) {
                // This header is required by IE, see KEYCLOAK-2828 for details.
                response.header("P3P", p3pValue);
            }
            CacheControl cacheControl = new CacheControl();
            cacheControl.setNoTransform(false);
            cacheControl.setMaxAge(Config.scope("theme").getInt("staticMaxAge", -1));
-            return Response.ok(file).cacheControl(cacheControl).build();
+            return response.cacheControl(cacheControl).build();
        } catch (IOException e) {
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
--- a/themes/src/main/resources/theme/base/login/theme.properties
+++ b/themes/src/main/resources/theme/base/login/theme.properties
@ -1 +1,2 @@
-locales=ca,de,en,es,fr,it,pt-BR
+locales=ca,de,en,es,fr,it,pt-BR
 sessionIframeP3P=CP="This is not a P3P policy!"
`@ -1 +1,2 @@`
	`locales=ca,de,en,es,fr,it,pt-BR`	`locales=ca,de,en,es,fr,it,pt-BR`
		`sessionIframeP3P=CP="This is not a P3P policy!"`