feat: add -dev flag for local HTTP testing
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
In development mode (-dev): - HSTS header is omitted (prevents browser caching HTTPS-only requirement) - CSRF cookie Secure flag is cleared (allows cookies over plain HTTP) - A warning is logged on startup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
1e1888625d
commit
c98fe735ad
3 changed files with 10 additions and 1 deletions
6
main.go
6
main.go
|
|
@ -18,6 +18,7 @@ import (
|
|||
)
|
||||
|
||||
var myPublicURL = "https://ldap.nemunai.re"
|
||||
var devMode bool
|
||||
|
||||
// dockerRegistrySecret is required for X-Special-Auth anonymous access.
|
||||
// If empty, the feature is disabled.
|
||||
|
|
@ -80,9 +81,14 @@ func main() {
|
|||
var baseURL = flag.String("baseurl", "/", "URL prepended to each URL")
|
||||
var configfile = flag.String("config", "", "path to the configuration file")
|
||||
var publicURL = flag.String("public-url", myPublicURL, "Public base URL used in password reset emails")
|
||||
var dev = flag.Bool("dev", false, "Development mode: disables HSTS and cookie Secure flag for local HTTP testing")
|
||||
flag.Parse()
|
||||
|
||||
myPublicURL = *publicURL
|
||||
devMode = *dev
|
||||
if devMode {
|
||||
log.Println("WARNING: running in development mode — security features relaxed, do not use in production")
|
||||
}
|
||||
|
||||
// Sanitize options
|
||||
log.Println("Checking paths...")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue