Merge pull request #103 from frju365/patch-1

[fix] Secure cookie setting
This commit is contained in:
Alexandre Aubin 2018-11-04 16:20:59 +01:00 committed by GitHub
commit b68ebc04c7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -146,7 +146,9 @@ function set_auth_cookie(user, domain)
local cookie_str = "; Domain=."..domain.. local cookie_str = "; Domain=."..domain..
"; Path=/".. "; Path=/"..
"; Expires="..os.date("%a, %d %b %Y %X UTC;", expire).. "; Expires="..os.date("%a, %d %b %Y %X UTC;", expire)..
"; Secure" "; Secure"..
"; HttpOnly"..
"; SameSite=Strict"
ngx.header["Set-Cookie"] = { ngx.header["Set-Cookie"] = {
"SSOwAuthUser="..user..cookie_str, "SSOwAuthUser="..user..cookie_str,
@ -165,7 +167,9 @@ function delete_cookie()
local cookie_str = "; Domain=."..domain.. local cookie_str = "; Domain=."..domain..
"; Path=/".. "; Path=/"..
"; Expires="..expired_time.. "; Expires="..expired_time..
"; Secure" "; Secure"..
"; HttpOnly"..
"; SameSite=Strict"
ngx.header["Set-Cookie"] = { ngx.header["Set-Cookie"] = {
"SSOwAuthUser="..cookie_str, "SSOwAuthUser="..cookie_str,
"SSOwAuthHash="..cookie_str, "SSOwAuthHash="..cookie_str,
@ -180,7 +184,9 @@ function delete_redirect_cookie()
local expired_time = "Thu, 01 Jan 1970 00:00:00 UTC;" local expired_time = "Thu, 01 Jan 1970 00:00:00 UTC;"
local cookie_str = "; Path="..conf["portal_path"].. local cookie_str = "; Path="..conf["portal_path"]..
"; Expires="..expired_time.. "; Expires="..expired_time..
"; Secure" "; Secure"..
"; HttpOnly"..
"; SameSite=Strict"
ngx.header["Set-Cookie"] = "SSOwAuthRedirect=;" ..cookie_str ngx.header["Set-Cookie"] = "SSOwAuthRedirect=;" ..cookie_str
end end