From 171fc49c9de0c8a47f585c579201b6d23f5e7b72 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby <kristoffer@tailscale.com>
Date: Mon, 6 Jan 2025 15:02:40 +0100
Subject: [PATCH] use more specific path for cookie

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
---
 hscontrol/oidc.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hscontrol/oidc.go b/hscontrol/oidc.go
index cbdf094113..8f3003cb1c 100644
--- a/hscontrol/oidc.go
+++ b/hscontrol/oidc.go
@@ -233,6 +233,7 @@ func (a *AuthProviderOIDC) OIDCCallbackHandler(
 		return
 	}
 
+	log.Debug().Interface("cookies", req.Cookies()).Msg("Received oidc callback")
 	cookieState, err := req.Cookie("state")
 	if err != nil {
 		http.Error(writer, "state not found", http.StatusBadRequest)
@@ -627,7 +628,7 @@ func setCSRFCookie(w http.ResponseWriter, r *http.Request, name string) (string,
 	}
 
 	c := &http.Cookie{
-		Path:     "/",
+		Path:     "/oidc/callback",
 		Name:     name,
 		Value:    val,
 		MaxAge:   int(time.Hour.Seconds()),