
sign in insecure http host failed because of cookie secure property

Open drawdy opened this issue 2 years ago • 1 comments

The response of the '/auth/consumer/local/signin' API sets a cookie for authenticating other APIs. The Secure property of the cookie is set. This only supports the https schema.

Here is the relevant source code in tag 0.49.0:

```go
// engine/api/api.go:923
func (a *API) setCookie(w http.ResponseWriter, c *http.Cookie) {
	if a.Config.URL.UI != "" {
		// ignore parse error, this have been checked at service start
		uiURL, _ := url.Parse(a.Config.URL.UI)
		c.Path = uiURL.Path
		if c.Path == "" {
			c.Path = "/"
		}
	}
	c.SameSite = http.SameSiteStrictMode
	c.Secure = true
	uiURL, _ := url.Parse(a.Config.URL.UI)
	if uiURL != nil && uiURL.Hostname() != "" {
		c.Domain = uiURL.Hostname()
	}
	http.SetCookie(w, c)
}
```

drawdy, Dec 14 '21 00:12
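
The reported behaviour can be reproduced with Go's standard cookie jar, which follows RFC 6265 and withholds a Secure cookie from plain-http requests. This is an added example, not CDS code and not the change referenced in #5792: the host `cds.example.test`, the cookie name and value, and the helper `schemeAwareCookie` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// pageCookie carries the attributes setCookie forces in the issue:
// SameSite=Strict and Secure=true. Name and value are constructed.
func pageCookie() *http.Cookie {
	return &http.Cookie{Name: "session", Value: "constructed-token", Path: "/",
		SameSite: http.SameSiteStrictMode, Secure: true}
}

// schemeAwareCookie is a hypothetical variant (not CDS code): Secure is
// cleared only when the configured UI URL is plain http; anything else,
// including a parse error, keeps it set.
func schemeAwareCookie(uiURL string) *http.Cookie {
	c := pageCookie()
	u, err := url.Parse(uiURL)
	c.Secure = err != nil || u.Scheme != "http"
	return c
}

// sentBack reports whether an RFC 6265 client (Go's cookiejar) that received
// c from origin attaches it to its next request to that same origin.
func sentBack(origin string, c *http.Cookie) bool {
	u, err := url.Parse(origin)
	if err != nil {
		return false
	}
	jar, err := cookiejar.New(nil)
	if err != nil {
		return false
	}
	jar.SetCookies(u, []*http.Cookie{c})
	return len(jar.Cookies(u)) > 0
}

func main() {
	for _, origin := range []string{"http://cds.example.test:8080", "https://cds.example.test"} {
		fmt.Printf("%-29s Secure=true sent back: %-5v scheme-aware sent back: %v\n",
			origin, sentBack(origin, pageCookie()), sentBack(origin, schemeAwareCookie(origin)))
	}
}
```

Clearing Secure for an http UI URL sends the session cookie over the network in cleartext, so serving the UI and API over https remains the stronger option.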

see #5792

drawdy, Dec 30 '21 07:12