providers/proxy: set outpost session cookie to httponly and secure wh… (#6482)
* providers/proxy: set outpost session cookie to httponly and secure when possible Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set samesite too Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
06091364fc
commit
0782b3b0fa
@ -3,6 +3,7 @@ package application
import (
import (
"fmt"
"fmt"
"math"
"math"
"net/http"
"net/url"
"net/url"
"os"
"os"
"path"
"path"
@ -37,7 +38,12 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
rs.SetMaxLength(math.MaxInt)
rs.SetMaxLength(math.MaxInt)
rs.SetKeyPrefix(RedisKeyPrefix)
rs.SetKeyPrefix(RedisKeyPrefix)
rs.Options.HttpOnly = true
if strings.ToLower(externalHost.Scheme) == "https" {
rs.Options.Secure = true
}
rs.Options.Domain = *p.CookieDomain
rs.Options.Domain = *p.CookieDomain
rs.Options.SameSite = http.SameSiteLaxMode
a.log.Trace("using redis session backend")
a.log.Trace("using redis session backend")
return rs
return rs
}
}
@ -51,7 +57,12 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
// Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
// Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
cs.MaxLength(math.MaxInt)
cs.MaxLength(math.MaxInt)
cs.Options.HttpOnly = true
if strings.ToLower(externalHost.Scheme) == "https" {
cs.Options.Secure = true
}
cs.Options.Domain = *p.CookieDomain
cs.Options.Domain = *p.CookieDomain
cs.Options.SameSite = http.SameSiteLaxMode
a.log.WithField("dir", dir).Trace("using filesystem session backend")
a.log.WithField("dir", dir).Trace("using filesystem session backend")
return cs
return cs
}
}
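Review bot: The five new cookie-option lines (`HttpOnly`, the `https` check for `Secure`, `SameSite`) are pasted verbatim into both the redis branch (`rs.Options…`) and the filesystem branch (`cs.Options…`) of getStore, so the next hardening change has to be made twice and the two backends can silently drift; a small helper that takes the options pointer both stores expose plus `externalHost` would keep them in step (getStore itself starts before the first hunk of the function). `Secure` is derived only from the configured external host's scheme, so an outpost behind a TLS-terminating proxy whose external host is still entered as `http://` will keep sending the session cookie without `Secure`; that deployment caveat deserves a comment above the `if`, e.g. `// Secure follows the configured external host: it must match the scheme browsers actually use, otherwise the cookie is also sent over plain HTTP.` The choice of Lax over Strict also wants a one-line why, such as `// Lax rather than Strict so the cookie survives the top-level redirect back to the outpost.` — assuming that redirect is how the outpost session is established, which the hunk does not show. `strings.ToLower(externalHost.Scheme)` is redundant if externalHost came from url.Parse (which already lowercases the scheme) and the `strings` import is not visible in the first hunk; `strings.EqualFold(externalHost.Scheme, "https")` states the intent more directly either way.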