YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #103 from frju365/patch-1

Browse source 
[fix] Secure cookie setting
This commit is contained in:
Alexandre Aubin 2018-11-04 16:20:59 +01:00 committed by GitHub
commit b68ebc04c7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
helpers.lua
View file

@ -146,7 +146,9 @@ function set_auth_cookie(user, domain)
local cookie_str = "; Domain=."..domain..
"; Path=/"..
"; Expires="..os.date("%a, %d %b %Y %X UTC;", expire)..
"; Secure"
"; Secure"..
"; HttpOnly"..
"; SameSite=Strict"
ngx.header["Set-Cookie"] = {
"SSOwAuthUser="..user..cookie_str,
@ -165,7 +167,9 @@ function delete_cookie()
local cookie_str = "; Domain=."..domain..
"; Path=/"..
"; Expires="..expired_time..
"; Secure"
"; Secure"..
"; HttpOnly"..
"; SameSite=Strict"
ngx.header["Set-Cookie"] = {
"SSOwAuthUser="..cookie_str,
"SSOwAuthHash="..cookie_str,
@ -180,7 +184,9 @@ function delete_redirect_cookie()
local expired_time = "Thu, 01 Jan 1970 00:00:00 UTC;"
local cookie_str = "; Path="..conf["portal_path"]..
"; Expires="..expired_time..
"; Secure"
"; Secure"..
"; HttpOnly"..
"; SameSite=Strict"
ngx.header["Set-Cookie"] = "SSOwAuthRedirect=;" ..cookie_str
end