Commit 0d53795

authored
feat: Add strict transport security and secure cookie options (#741)
1 parent bb6c12d commit 0d53795

3 files changed

+6
-0
lines changed


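--- a/cli/start.go
+++ b/cli/start.go
@@ -56,6 +56,7 @@ func start() *cobra.Command {
 tlsMinVersion string
 useTunnel bool
 traceDatadog bool
+secureAuthCookie bool
 )
 root := &cobra.Command{
 Use: "start",
@@ -132,6 +133,7 @@ func start() *cobra.Command {
 Database: databasefake.New(),
 Pubsub: database.NewPubsubInMemory(),
 GoogleTokenValidator: validator,
+SecureAuthCookie: secureAuthCookie,
 }
 
 if !dev {
@@ -334,6 +336,7 @@ func start() *cobra.Command {
 cliflag.BoolVarP(root.Flags(), &useTunnel, "tunnel", "", "CODER_DEV_TUNNEL", true, "Serve dev mode through a Cloudflare Tunnel for easy setup")
 _ = root.Flags().MarkHidden("tunnel")
 cliflag.BoolVarP(root.Flags(), &traceDatadog, "trace-datadog", "", "CODER_TRACE_DATADOG", false, "Send tracing data to a datadog agent")
+cliflag.BoolVarP(root.Flags(), &secureAuthCookie, "secure-auth-cookie", "", "CODER_SECURE_AUTH_COOKIE", false, "Specifies if the 'Secure' property is set on browser session cookies")
 
 return root
 }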
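Review bot: `--secure-auth-cookie` defaults to false in the last hunk, so an operator who serves over TLS but forgets the flag gets a session cookie that browsers will also send over plain `http://`, which silently undoes the protection this option exists to provide. Consider deriving the default from the TLS configuration, or at least warning at startup when TLS is on and the flag is off; the `tlsMinVersion` variable in the first hunk suggests a TLS path exists, but it is wired outside this diff so I cannot confirm how. The help text should also say what the flag protects: `"Sets the 'Secure' attribute on browser session cookies so they are only sent over HTTPS; enable whenever the server is reached over TLS"`. The `start()` function begins and ends outside these hunks.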

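--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -29,6 +29,8 @@ type Options struct {
 
 AWSCertificates awsidentity.Certificates
 GoogleTokenValidator *idtoken.Validator
+
+SecureAuthCookie bool
 }
 
 // New constructs the Coder API into an HTTP handler.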
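Review bot: The exported `SecureAuthCookie` option is added without a doc comment, and the blank line inserted above it sets it apart from the neighbouring fields without saying why. A comment on the field would spare the next reader a trip to the CLI and the login handler: `// SecureAuthCookie sets the Secure attribute on the session cookie issued at login so browsers only send it over HTTPS. Only leave it false for plain-HTTP development setups.` The second sentence reflects the false default in the CLI change and should be confirmed against the intended deployment story. The `Options` struct starts outside this hunk.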

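--- a/coderd/users.go
+++ b/coderd/users.go
@@ -417,6 +417,7 @@ func (api *api) postLogin(rw http.ResponseWriter, r *http.Request) {
 Path: "/",
 HttpOnly: true,
 SameSite: http.SameSiteLaxMode,
+Secure: api.SecureAuthCookie,
 })
 
 render.Status(r, http.StatusCreated)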
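Review bot: With `api.SecureAuthCookie` false the session cookie set here still travels over cleartext HTTP, and with it true a login made over plain `http://` returns 201 while the browser silently discards the cookie, so the option deserves a why-comment at the `Secure:` line: `// Secure is opt-in so plain-HTTP dev setups keep working; over TLS it must be on or the session token is exposed in cleartext.` Since `Path` is already `/` and no `Domain` is visible, a `__Host-` cookie-name prefix would additionally pin the cookie to this origin when the option is on, but the name is assigned outside this hunk so I cannot tell whether that is practical. The commit title mentions strict transport security, yet none of the three changed files adds a `Strict-Transport-Security` header, so HSTS appears to be left for a separate change. `postLogin` begins before this hunk.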
