
Commit 368ead5

committed
pr comments
1 parent 197b163 commit 368ead5


4 files changed

+26
-19
lines changed


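--- a/cli/start.go
+++ b/cli/start.go
@@ -57,7 +57,7 @@ func start() *cobra.Command {
 useTunnel bool
 traceDatadog bool
 strictTransportSecurity bool
-secureCookie bool
+secureAuthCookie bool
 )
 root := &cobra.Command{
 Use: "start",
@@ -129,13 +129,13 @@ func start() *cobra.Command {
 }
 logger := slog.Make(sloghuman.Sink(os.Stderr))
 options := &coderd.Options{
-AccessURL: accessURLParsed,
-Logger: logger.Named("coderd"),
-Database: databasefake.New(),
-Pubsub: database.NewPubsubInMemory(),
-GoogleTokenValidator: validator,
-HSTS: strictTransportSecurity,
-SecureCookie: secureCookie,
+AccessURL: accessURLParsed,
+Logger: logger.Named("coderd"),
+Database: databasefake.New(),
+Pubsub: database.NewPubsubInMemory(),
+GoogleTokenValidator: validator,
+StrictTransportSecurity: strictTransportSecurity,
+SecureAuthCookie: secureAuthCookie,
 }
 
 if !dev {
@@ -339,7 +339,7 @@ func start() *cobra.Command {
 _ = root.Flags().MarkHidden("tunnel")
 cliflag.BoolVarP(root.Flags(), &traceDatadog, "trace-datadog", "", "CODER_TRACE_DATADOG", false, "Send tracing data to a datadog agent")
 cliflag.BoolVarP(root.Flags(), &strictTransportSecurity, "strict-transport-security", "", "CODER_STRICT_TRANSPORT_SECURITY", false, "Set the 'strict-transport-security' header on http responses")
-cliflag.BoolVarP(root.Flags(), &secureCookie, "secure-cookie", "", "CODER_SECURE_COOKIE", false, "Set the 'Secure' property on browser session cookies")
+cliflag.BoolVarP(root.Flags(), &secureAuthCookie, "secure-auth-cookie", "", "CODER_SECURE_AUTH_COOKIE", false, "Set the 'Secure' property on browser session cookies")
 
 return root
 }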
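Review bot: Renaming the flag and its environment variable in the third hunk (`--secure-cookie`/`CODER_SECURE_COOKIE` to `--secure-auth-cookie`/`CODER_SECURE_AUTH_COOKIE`) leaves no compatibility path, and the two failure modes differ. A stale command-line flag should be rejected at startup, but a stale environment variable is simply not read, so a deployment that had opted in would presumably start with `secureAuthCookie` at its default of `false` and issue session cookies without the Secure attribute, with nothing in the logs. If the old name was ever released, fail loudly on it, for example `if _, ok := os.LookupEnv("CODER_SECURE_COOKIE"); ok { return fmt.Errorf("CODER_SECURE_COOKIE was renamed to CODER_SECURE_AUTH_COOKIE") }` in the command's run function, which lies outside these hunks. start() begins before the first hunk.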

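--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -30,8 +30,8 @@ type Options struct {
 AWSCertificates awsidentity.Certificates
 GoogleTokenValidator *idtoken.Validator
 
-HSTS bool
-SecureCookie bool
+StrictTransportSecurity bool
+SecureAuthCookie bool
 }
 
 // New constructs the Coder API into an HTTP handler.
@@ -50,7 +50,7 @@ func New(options *Options) (http.Handler, func()) {
 r.Route("/api/v2", func(r chi.Router) {
 r.Use(
 chitrace.Middleware(),
-httpmw.HSTS(api.HSTS),
+httpmw.StrictTransportSecurity(api.StrictTransportSecurity),
 )
 r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 httpapi.Write(w, http.StatusOK, httpapi.Response{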
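Review bot: The renamed `StrictTransportSecurity` and `SecureAuthCookie` fields in `Options` are exported security switches with no doc comment, and both only make sense when the deployment is reached over HTTPS. I would add `// StrictTransportSecurity enables the Strict-Transport-Security response header; set it only when the access URL is HTTPS.` and `// SecureAuthCookie sets the Secure attribute on the browser session cookie, so it is never sent over plain HTTP.` above them. In the second hunk the middleware is registered inside the `/api/v2` route only; whether other routes are meant to carry the header cannot be told from here, so a one-line comment stating the intent would help. `Options` begins before the first hunk and `New` continues past the second.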

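--- a/coderd/httpmw/hsts.go
+++ b/coderd/httpmw/stricttransportsecurity.go
@@ -7,8 +7,8 @@ import (
 )
 
 const (
-StrictTransportSecurityHeader = "Strict-Transport-Security"
-StrictTransportSecurityMaxAge = time.Hour * 24 * 365 // 1 year
+strictTransportSecurityHeader = "Strict-Transport-Security"
+strictTransportSecurityMaxAge = time.Hour * 24 * 365 // 1 year
 )
 
 // StrictTransportSecurity will add the strict-transport-security header if enabled.
@@ -25,7 +25,7 @@ func StrictTransportSecurity(enable bool) func(next http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 if enable {
-w.Header().Set(StrictTransportSecurityHeader, fmt.Sprintf("max-age=%d", int64(StrictTransportSecurityMaxAge.Seconds())))
+w.Header().Set(strictTransportSecurityHeader, fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())))
 }
 
 next.ServeHTTP(w, r)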
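Review bot: When `enable` is true the header is written on every response, whether or not the request arrived over TLS, and the doc comment in the first hunk does not tell an operator what enabling it commits them to. RFC 6797 says the header must not be sent over non-secure transport, and a browser that receives it over HTTPS will refuse plain HTTP to this host for the full `max-age`, here one year. Because the server may sit behind a TLS-terminating proxy, a check on `r.TLS` is probably not the right fix; I would extend the comment instead: `// Enable only when the access URL is served over HTTPS: browsers that receive the header refuse plain HTTP to this host for strictTransportSecurityMaxAge (one year).` The function starts above the second hunk and ends below it.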

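--- a/coderd/httpmw/hsts_test.go
+++ b/coderd/httpmw/stricttransportsecurity_test.go
@@ -5,10 +5,17 @@ import (
 "net/http"
 "net/http/httptest"
 "testing"
+"time"
 
-"github.com/coder/coder/coderd/httpmw"
 "github.com/go-chi/chi/v5"
 "github.com/stretchr/testify/require"
+
+"github.com/coder/coder/coderd/httpmw"
+)
+
+const (
+strictTransportSecurityHeader = "Strict-Transport-Security"
+strictTransportSecurityMaxAge = time.Hour * 24 * 365
 )
 
 func TestStrictTransportSecurity(t *testing.T) {
@@ -32,14 +39,14 @@ func TestStrictTransportSecurity(t *testing.T) {
 
 res := setup(true)
 defer res.Body.Close()
-require.Contains(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(httpmw.StrictTransportSecurityMaxAge)))
+require.Contains(t, res.Header.Get(strictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())))
 })
 t.Run("False", func(t *testing.T) {
 t.Parallel()
 
 res := setup(false)
 defer res.Body.Close()
-require.NotContains(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(httpmw.StrictTransportSecurityMaxAge)))
-require.Equal(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), "")
+require.NotContains(t, res.Header.Get(strictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())))
+require.Equal(t, res.Header.Get(strictTransportSecurityHeader), "")
 })
 }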
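Review bot: The "True" case checks the header with `require.Contains`, so it would still pass if the middleware emitted extra or malformed text around the expected substring; for a security header an exact match is the stronger test: `require.Equal(t, fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())), res.Header.Get(strictTransportSecurityHeader))`. In the "False" case the `require.NotContains` line is implied by the `require.Equal` that follows, whose arguments are in (actual, expected) order; `require.Empty(t, res.Header.Get(strictTransportSecurityHeader))` says the same in one line. The test function's setup helper sits between the two hunks and is not visible here.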
