Commit0d53795

authored
feat: Add strict transport security and secure cookie options (#741)
1 parentbb6c12d commit0d53795


3 files changed

+6
-0
lines changed


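--- a/cli/start.go
+++ b/cli/start.go
@@ -56,6 +56,7 @@ func start() *cobra.Command {
 tlsMinVersionstring
 useTunnelbool
 traceDatadogbool
+secureAuthCookiebool
 )
 root:=&cobra.Command{
 Use:"start",
@@ -132,6 +133,7 @@ func start() *cobra.Command {
 Database:databasefake.New(),
 Pubsub:database.NewPubsubInMemory(),
 GoogleTokenValidator:validator,
+SecureAuthCookie:secureAuthCookie,
 }
 
 if!dev {
@@ -334,6 +336,7 @@ func start() *cobra.Command {
 cliflag.BoolVarP(root.Flags(),&useTunnel,"tunnel","","CODER_DEV_TUNNEL",true,"Serve dev mode through a Cloudflare Tunnel for easy setup")
 _=root.Flags().MarkHidden("tunnel")
 cliflag.BoolVarP(root.Flags(),&traceDatadog,"trace-datadog","","CODER_TRACE_DATADOG",false,"Send tracing data to a datadog agent")
+cliflag.BoolVarP(root.Flags(),&secureAuthCookie,"secure-auth-cookie","","CODER_SECURE_AUTH_COOKIE",false,"Specifies if the 'Secure' property is set on browser session cookies")
 
 returnroot
 }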
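Review bot: The new `secure-auth-cookie` flag defaults to `false`, so a deployment that terminates TLS still issues its session cookie without the Secure attribute unless the operator remembers to opt in, and the cookie can then travel on any plain-HTTP request to the same host. Consider deriving the default from the TLS settings this command already takes (only `tlsMinVersion` is visible in the hunk), or logging a startup warning when the server is served over HTTPS with the flag off. At minimum the help text should say when to turn it on, e.g. `"Set the 'Secure' attribute on browser session cookies; enable whenever the deployment is served over HTTPS"`. The commit title also mentions strict transport security, but no HSTS option appears in the three sections shown. `start()` begins outside these hunks.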

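--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -29,6 +29,8 @@ type Options struct {
 
 AWSCertificates awsidentity.Certificates
 GoogleTokenValidator*idtoken.Validator
+
+SecureAuthCookiebool
 }
 
 // New constructs the Coder API into an HTTP handler.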
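Review bot: `SecureAuthCookie` is added to `Options` without a doc comment, and its zero value is the less safe setting, which any caller that builds `Options` directly gets silently. A comment such as `// SecureAuthCookie sets the Secure attribute on the session cookie issued at login. Leave false only when the API is served over plain HTTP.` would make that explicit. The struct begins outside the hunk.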

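--- a/coderd/users.go
+++ b/coderd/users.go
@@ -417,6 +417,7 @@ func (api *api) postLogin(rw http.ResponseWriter, r *http.Request) {
 Path:"/",
 HttpOnly:true,
 SameSite:http.SameSiteLaxMode,
+Secure:api.SecureAuthCookie,
 })
 
 render.Status(r,http.StatusCreated)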
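Review bot: `Secure: api.SecureAuthCookie` is applied only to this one cookie literal in `postLogin`; any other handler that writes or clears the same session cookie (none is visible in this commit) would need the same attribute, so building the cookie in a single helper would keep them aligned. Browsers discard a `Secure` cookie delivered over plain HTTP, so with the option on and no TLS in front, this handler still answers `http.StatusCreated` while the client ends up with no session. A comment on the new line such as `// Browsers drop Secure cookies received over plain HTTP; enable only behind TLS.` would help whoever has to debug that. `postLogin` starts and ends outside the hunk.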
