fix(lib): use a new cookie per domain when COOKIE_DOMAIN is set (#490)
Also properly re-brand the cookies so that some of the /x/ heritage is lost. This will invalidate existing cookies and probably affects tests. Signed-off-by: Xe Iaso <me@xeiaso.net>
parent
9009596ded
commit
6c0ff3f4d5
5 changed files with 20 additions and 8 deletions
|
|
@ -67,6 +67,7 @@ type Server struct {
|
|||
priv ed25519.PrivateKey
|
||||
pub ed25519.PublicKey
|
||||
opts Options
|
||||
cookieName string
|
||||
}
|
||||
|
||||
func (s *Server) challengeFor(r *http.Request, difficulty int) string {
|
||||
|
|
@ -117,7 +118,7 @@ func (s *Server) maybeReverseProxy(w http.ResponseWriter, r *http.Request, httpS
|
|||
return
|
||||
}
|
||||
|
||||
ckie, err := r.Cookie(anubis.CookieName)
|
||||
ckie, err := r.Cookie(s.cookieName)
|
||||
if err != nil {
|
||||
lg.Debug("cookie not found", "path", r.URL.Path)
|
||||
s.ClearCookie(w)
|
||||
|
|
@ -360,7 +361,7 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: anubis.CookieName,
|
||||
Name: s.cookieName,
|
||||
Value: tokenString,
|
||||
Expires: time.Now().Add(s.opts.CookieExpiration),
|
||||
SameSite: http.SameSiteLaxMode,
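Review bot: Nothing in these hunks guards against `s.cookieName` being empty, and that zero value fails quietly: at `Name: s.cookieName` in PassChallenge, `http.SetCookie` drops a cookie with an invalid name without reporting an error, and the `r.Cookie(s.cookieName)` lookup in maybeReverseProxy can then never match the pass cookie, so clients would be challenged again on every request. The assignment of the field is not visible here (presumably it is in the constructor); if any path builds a `Server` without it, a fallback such as `if s.cookieName == "" { s.cookieName = anubis.CookieName }` or a constructor error would make the failure explicit. `s.ClearCookie(w)` on the not-found path is defined outside these hunks; it should expire the same per-domain name, otherwise a stale cookie stays in the browser. The new struct field would also benefit from a comment, e.g. `// cookieName is the name of the pass cookie; per the commit title it differs per domain when COOKIE_DOMAIN is set.` Both functions and the cookie literal continue outside the hunks.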
|
||||
|
|
|
|||