Don't enforce secure cookie flag if external URL begins with http://
Closes: #3
This commit is contained in:
parent
69b7ff179b
commit
eb60b3fbde
|
@ -36,6 +36,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
|
@ -138,18 +139,26 @@ func completeAuth(opts *config.Options, c *gin.Context, email string, service st
|
||||||
c.SetCookie(
|
c.SetCookie(
|
||||||
COOKIE_NAME, // name
|
COOKIE_NAME, // name
|
||||||
base64.StdEncoding.EncodeToString(session.Id), // value
|
base64.StdEncoding.EncodeToString(session.Id), // value
|
||||||
30*24*3600, // maxAge
|
30*24*3600, // maxAge
|
||||||
opts.BaseURL+"/", // path
|
opts.BaseURL+"/", // path
|
||||||
"", // domain
|
"", // domain
|
||||||
opts.DevProxy == "", // secure
|
opts.DevProxy == "" && !strings.HasPrefix(opts.ExternalURL, "http://"), // secure
|
||||||
true, // httpOnly
|
true, // httpOnly
|
||||||
)
|
)
|
||||||
|
|
||||||
c.JSON(http.StatusOK, currentUser(usr))
|
c.JSON(http.StatusOK, currentUser(usr))
|
||||||
}
|
}
|
||||||
|
|
||||||
func logout(opts *config.Options, c *gin.Context) {
|
func logout(opts *config.Options, c *gin.Context) {
|
||||||
c.SetCookie(COOKIE_NAME, "", -1, opts.BaseURL+"/", "", opts.DevProxy == "", true)
|
c.SetCookie(
|
||||||
|
COOKIE_NAME,
|
||||||
|
"",
|
||||||
|
-1,
|
||||||
|
opts.BaseURL+"/",
|
||||||
|
"",
|
||||||
|
opts.DevProxy == "" && !strings.HasPrefix(opts.ExternalURL, "http://"),
|
||||||
|
true,
|
||||||
|
)
|
||||||
c.JSON(http.StatusOK, true)
|
c.JSON(http.StatusOK, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user