Fix notifier cookie path (#13654)

Co-authored-by: Ryan Powers <[email protected]>
OrchardCMS · May 14, 2023 · cc52c8d · cc52c8d
1 parent 836aaf4
commit cc52c8d
Showing 1 changed file with 17 additions and 7 deletions.
diff --git a/src/OrchardCore/OrchardCore.DisplayManagement/Notify/NotifyFilter.cs b/src/OrchardCore/OrchardCore.DisplayManagement/Notify/NotifyFilter.cs
@@ -11,7 +11,6 @@
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
 using OrchardCore.DisplayManagement.Layout;
-using OrchardCore.Environment.Shell;
 
 namespace OrchardCore.DisplayManagement.Notify
 {
@@ -25,15 +24,13 @@ public class NotifyFilter : IActionFilter, IAsyncResultFilter, IPageFilter
 
         private NotifyEntry[] _existingEntries = Array.Empty<NotifyEntry>();
         private bool _shouldDeleteCookie;
-        private string _tenantPath;
         private readonly HtmlEncoder _htmlEncoder;
         private readonly ILogger _logger;
 
         public NotifyFilter(
             INotifier notifier,
             ILayoutAccessor layoutAccessor,
             IShapeFactory shapeFactory,
-            ShellSettings shellSettings,
             IDataProtectionProvider dataProtectionProvider,
             HtmlEncoder htmlEncoder,
             ILogger<NotifyFilter> logger)
@@ -45,8 +42,6 @@ public NotifyFilter(
             _layoutAccessor = layoutAccessor;
             _notifier = notifier;
             _shapeFactory = shapeFactory;
-
-            _tenantPath = "/" + shellSettings.RequestUrlPrefix;
         }
 
         private void OnHandlerExecuting(FilterContext filterContext)
@@ -94,7 +89,7 @@ private void OnHandlerExecuted(FilterContext filterContext)
             // String data type used instead of complex array to be session-friendly.
             if (result is not ViewResult && result is not PageResult && _existingEntries.Length > 0)
             {
-                filterContext.HttpContext.Response.Cookies.Append(CookiePrefix, SerializeNotifyEntry(_existingEntries), new CookieOptions { HttpOnly = true, Path = _tenantPath });
+                filterContext.HttpContext.Response.Cookies.Append(CookiePrefix, SerializeNotifyEntry(_existingEntries), GetCookieOptions(filterContext.HttpContext));
             }
         }
 
@@ -168,7 +163,7 @@ public async Task OnResultExecutionAsync(ResultExecutingContext filterContext, R
 
         private void DeleteCookies(ResultExecutingContext filterContext)
         {
-            filterContext.HttpContext.Response.Cookies.Delete(CookiePrefix, new CookieOptions { Path = _tenantPath });
+            filterContext.HttpContext.Response.Cookies.Delete(CookiePrefix, GetCookieOptions(filterContext.HttpContext));
         }
 
         private string SerializeNotifyEntry(NotifyEntry[] notifyEntries)
@@ -206,5 +201,20 @@ private void DeserializeNotifyEntries(string value, out NotifyEntry[] messageEnt
                 _logger.LogWarning("The notification entries could not be decrypted");
             }
         }
+
+        private static CookieOptions GetCookieOptions(HttpContext httpContext)
+        {
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true
+            };
+
+            if (!httpContext.Request.PathBase.Equals(PathString.Empty))
+            {
+                cookieOptions.Path = httpContext.Request.PathBase;
+            }
+
+            return cookieOptions;
+        }
     }
 }