public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,227 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

11 Commits

Author SHA1 Message Date
Sandy Chen dc8b1623a2
feat(cookie): add feature support for cookie-secret-file (#3104) 
* feat: add feature support for cookie-secret-file

---------

Signed-off-by: Jan Larwig <jan@larwig.com>
Co-Authored-By: Sandy Chen <Yuxuan.Chen@morganstanley.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
 2025-07-22 18:59:55 +02:00
Jan Larwig b57c82181d
feat(cookie) csrf per request limit (#3134) 
* Allow setting maximum number of csrf cookies, deleting the oldest if necessary

* Add a test for multiple CSRF cookies to remove the old cookie

* Add docs/changelog

* If limit is <=0 do not clear

Signed-off-by: test <bert@transtrend.com>

* Better docs

Co-authored-by: Jan Larwig <jan@larwig.com>

* direct check of option value

Co-authored-by: Jan Larwig <jan@larwig.com>

* direct use of option value

Co-authored-by: Jan Larwig <jan@larwig.com>

* sort based on clock compare vs time compare

Co-authored-by: Jan Larwig <jan@larwig.com>

* clock.Clock does not implement Compare, fix csrf cookie extraction after rename

Signed-off-by: Bert Helderman <bert@transtrend.com>

* Linter fix

* add method signature documentation and slight formatting

Signed-off-by: Jan Larwig <jan@larwig.com>

* fix: test case for csrf cookie limit and flag

Signed-off-by: Jan Larwig <jan@larwig.com>

---------

Signed-off-by: Bert Helderman <bert@transtrend.com>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: test <bert@transtrend.com>
Co-authored-by: bh-tt <71650427+bh-tt@users.noreply.github.com>
 2025-07-20 16:44:42 +02:00
Nuno Miguel Micaelo Borges a1ff878fdc
Add flags to define CSRF cookie expiration time and to allow CSRF cookies per request (#1708) 
* Add start of state to CSRF cookie name

* Update CHANGELOG.md

* Update CHANGELOG.md

* Support optional flags

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update overview.md

Add new CSRF flags

* Update overview.md

Describe new CSRF flags

Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
 2022-08-31 23:27:56 +01:00
Joel Speed 211fd3a010
Rename CookieOptions to Cookie 2020-07-05 09:18:21 +01:00
Joel Speed b3ba2594c6
Create Cookie FlagSet and Defaults 2020-07-05 09:17:28 +01:00
Joel Speed 810a9e9967
Rename cookie-domain config to cookie-domains (#559) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-24 20:19:56 +01:00
Joel Speed c3f9cbeb3d
Remove Env tags from Cookie and Session Options 2020-05-21 22:43:42 +01:00
Joel Speed 458710149c
Rename Cookie Options to remove extra 'Cookie' 2020-04-29 19:51:24 +01:00
Eric Dahlseng a659b9558e
Allow multiple cookie domains to be specified (#412) 
* Allow multiple cookie domains to be specified

* Use X-Forwarded-Host, if it exists, when selecting cookie domain

* Perform cookie domain sorting in config validation phase

* Extract get domain cookies to a single function

* Update pkg/cookies/cookies.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Update changelog

Co-authored-by: Marcos Lilljedahl <marcosnils@gmail.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-04-12 12:00:44 +01:00
Paul Groudas 5d0827a028 Add configuration for cookie 'SameSite' value. 
Values of 'lax' and 'strict' can improve and mitigate
some categories of cross-site traffic tampering.

Given that the nature of this proxy is often to proxy
private tools, this is useful to take advantage of.

See: https://www.owasp.org/index.php/SameSite
 2020-01-06 12:21:52 -05:00
Joel Speed fd6655411b
Move cookie configuration to separate package 2019-05-18 13:09:59 +02:00