Merge pull request #58 from tomtaylor/httponly-cookie
Add flag to enable/disable cookie's HttpOnly flag.
This commit is contained in:
Jehiah Czebotar
commit
1f8797e468
|
|
@ -42,3 +42,4 @@
|
||||||
# cookie_domain = ""
|
# cookie_domain = ""
|
||||||
# cookie_expire = "168h"
|
# cookie_expire = "168h"
|
||||||
# cookie_https_only = true
|
# cookie_https_only = true
|
||||||
|
# cookie_httponly = true
|
||||||
|
|
|
||||||
1
main.go
1
main.go
|
|
@ -41,6 +41,7 @@ func main() {
|
||||||
flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
|
flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
|
||||||
flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
|
flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
|
||||||
flagSet.Bool("cookie-https-only", true, "set HTTPS only cookie")
|
flagSet.Bool("cookie-https-only", true, "set HTTPS only cookie")
|
||||||
|
flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie")
|
||||||
|
|
||||||
flagSet.Parse(os.Args[1:])
|
flagSet.Parse(os.Args[1:])
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,7 @@ type OauthProxy struct {
|
||||||
CookieKey string
|
CookieKey string
|
||||||
CookieDomain string
|
CookieDomain string
|
||||||
CookieHttpsOnly bool
|
CookieHttpsOnly bool
|
||||||
|
CookieHttpOnly bool
|
||||||
CookieExpire time.Duration
|
CookieExpire time.Duration
|
||||||
Validator func(string) bool
|
Validator func(string) bool
|
||||||
|
|
||||||
|
|
@ -67,12 +68,13 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
|
||||||
if domain == "" {
|
if domain == "" {
|
||||||
domain = "<default>"
|
domain = "<default>"
|
||||||
}
|
}
|
||||||
log.Printf("Cookie settings: https_only: %v expiry: %s domain:%s", opts.CookieHttpsOnly, opts.CookieExpire, domain)
|
log.Printf("Cookie settings: https_only: %v httponly: %v expiry: %s domain:%s", opts.CookieHttpsOnly, opts.CookieHttpOnly, opts.CookieExpire, domain)
|
||||||
return &OauthProxy{
|
return &OauthProxy{
|
||||||
CookieKey: "_oauthproxy",
|
CookieKey: "_oauthproxy",
|
||||||
CookieSeed: opts.CookieSecret,
|
CookieSeed: opts.CookieSecret,
|
||||||
CookieDomain: opts.CookieDomain,
|
CookieDomain: opts.CookieDomain,
|
||||||
CookieHttpsOnly: opts.CookieHttpsOnly,
|
CookieHttpsOnly: opts.CookieHttpsOnly,
|
||||||
|
CookieHttpOnly: opts.CookieHttpOnly,
|
||||||
CookieExpire: opts.CookieExpire,
|
CookieExpire: opts.CookieExpire,
|
||||||
Validator: validator,
|
Validator: validator,
|
||||||
|
|
||||||
|
|
@ -197,7 +199,7 @@ func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
|
||||||
Path: "/",
|
Path: "/",
|
||||||
Domain: domain,
|
Domain: domain,
|
||||||
Expires: time.Now().Add(time.Duration(1) * time.Hour * -1),
|
Expires: time.Now().Add(time.Duration(1) * time.Hour * -1),
|
||||||
HttpOnly: true,
|
HttpOnly: p.CookieHttpOnly,
|
||||||
}
|
}
|
||||||
http.SetCookie(rw, cookie)
|
http.SetCookie(rw, cookie)
|
||||||
}
|
}
|
||||||
|
|
@ -213,7 +215,7 @@ func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val st
|
||||||
Value: signedCookieValue(p.CookieSeed, p.CookieKey, val),
|
Value: signedCookieValue(p.CookieSeed, p.CookieKey, val),
|
||||||
Path: "/",
|
Path: "/",
|
||||||
Domain: domain,
|
Domain: domain,
|
||||||
HttpOnly: true,
|
HttpOnly: p.CookieHttpOnly,
|
||||||
Secure: p.CookieHttpsOnly,
|
Secure: p.CookieHttpsOnly,
|
||||||
Expires: time.Now().Add(p.CookieExpire),
|
Expires: time.Now().Add(p.CookieExpire),
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,7 @@ type Options struct {
|
||||||
CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
|
CookieDomain string `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
|
||||||
CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
|
CookieExpire time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
|
||||||
CookieHttpsOnly bool `flag:"cookie-https-only" cfg:"cookie_https_only"`
|
CookieHttpsOnly bool `flag:"cookie-https-only" cfg:"cookie_https_only"`
|
||||||
|
CookieHttpOnly bool `flag:"cookie-httponly" cfg:"cookie_httponly"`
|
||||||
AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
|
AuthenticatedEmailsFile string `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
|
||||||
GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
|
GoogleAppsDomains []string `flag:"google-apps-domain" cfg:"google_apps_domains"`
|
||||||
Upstreams []string `flag:"upstream" cfg:"upstreams"`
|
Upstreams []string `flag:"upstream" cfg:"upstreams"`
|
||||||
|
|
@ -37,6 +38,7 @@ func NewOptions() *Options {
|
||||||
HttpAddress: "127.0.0.1:4180",
|
HttpAddress: "127.0.0.1:4180",
|
||||||
DisplayHtpasswdForm: true,
|
DisplayHtpasswdForm: true,
|
||||||
CookieHttpsOnly: true,
|
CookieHttpsOnly: true,
|
||||||
|
CookieHttpOnly: true,
|
||||||
PassBasicAuth: true,
|
PassBasicAuth: true,
|
||||||
CookieExpire: time.Duration(168) * time.Hour,
|
CookieExpire: time.Duration(168) * time.Hour,
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue