mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-22 07:30:25 +00:00
web UI cookie: set the Secure flags if we are over TLS
This commit is contained in:
parent
9985224966
commit
afe1da92c5
2 changed files with 5 additions and 3 deletions
|
@ -107,7 +107,7 @@ func (c *jwtTokenClaims) createTokenResponse(tokenAuth *jwtauth.JWTAuth) (map[st
|
|||
return response, nil
|
||||
}
|
||||
|
||||
func (c *jwtTokenClaims) createAndSetCookie(w http.ResponseWriter, tokenAuth *jwtauth.JWTAuth) error {
|
||||
func (c *jwtTokenClaims) createAndSetCookie(w http.ResponseWriter, r *http.Request, tokenAuth *jwtauth.JWTAuth) error {
|
||||
resp, err := c.createTokenResponse(tokenAuth)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -118,6 +118,7 @@ func (c *jwtTokenClaims) createAndSetCookie(w http.ResponseWriter, tokenAuth *jw
|
|||
Path: webBasePath,
|
||||
Expires: time.Now().Add(tokenDuration),
|
||||
HttpOnly: true,
|
||||
Secure: r.TLS != nil,
|
||||
})
|
||||
|
||||
return nil
|
||||
|
@ -130,6 +131,7 @@ func (c *jwtTokenClaims) removeCookie(w http.ResponseWriter, r *http.Request) {
|
|||
Path: webBasePath,
|
||||
MaxAge: -1,
|
||||
HttpOnly: true,
|
||||
Secure: r.TLS != nil,
|
||||
})
|
||||
invalidateToken(r)
|
||||
}
|
||||
|
|
|
@ -128,7 +128,7 @@ func (s *httpdServer) handleWebLoginPost(w http.ResponseWriter, r *http.Request)
|
|||
Signature: admin.GetSignature(),
|
||||
}
|
||||
|
||||
err = c.createAndSetCookie(w, s.tokenAuth)
|
||||
err = c.createAndSetCookie(w, r, s.tokenAuth)
|
||||
if err != nil {
|
||||
renderLoginPage(w, err.Error())
|
||||
return
|
||||
|
@ -224,7 +224,7 @@ func (s *httpdServer) checkCookieExpiration(w http.ResponseWriter, r *http.Reque
|
|||
}
|
||||
}
|
||||
logger.Debug(logSender, "", "cookie refreshed for admin %#v", admin.Username)
|
||||
tokenClaims.createAndSetCookie(w, s.tokenAuth) //nolint:errcheck
|
||||
tokenClaims.createAndSetCookie(w, r, s.tokenAuth) //nolint:errcheck
|
||||
}
|
||||
|
||||
func (s *httpdServer) updateContextFromCookie(r *http.Request) *http.Request {
|
||||
|
|
Loading…
Reference in a new issue