cds
sign in insecure http host failed because of cookie secure property
The response of the '/auth/consumer/local/signin' API sets a cookie that is used to authenticate the other APIs. The Secure property of the cookie is set, so the cookie only works over the https scheme.
Here is the relevant source code at tag 0.49.0:
// engine/api/api.go:923
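// setCookie scopes c to the configured UI URL, applies the cookie hardening
// attributes and writes it to w.
//
// SameSite=Strict and Secure are set unconditionally. Browsers do not send a
// Secure cookie over plain HTTP, so when the UI is served from an http:// host
// the cookie never reaches the API and sign-in appears to fail. The supported
// deployment is therefore behind TLS; relaxing Secure for an http:// UI would
// expose the session cookie to anyone on the network path.
//
// When a.Config.URL.UI is set and parses, the cookie Path is taken from the UI
// URL path ("/" when empty) and Domain from its hostname. Setting Domain makes
// the cookie a domain cookie, which browsers also send to subdomains of that
// host.
func (a *API) setCookie(w http.ResponseWriter, c *http.Cookie) {
	c.SameSite = http.SameSiteStrictMode
	c.Secure = true

	if a.Config.URL.UI != "" {
		// The UI URL is expected to have been validated at service start, but
		// url.Parse returns a nil *url.URL on error, so check before
		// dereferencing instead of discarding the error. The URL is parsed
		// once and reused for both Path and Domain.
		if uiURL, err := url.Parse(a.Config.URL.UI); err == nil && uiURL != nil {
			c.Path = uiURL.Path
			if c.Path == "" {
				c.Path = "/"
			}
			if host := uiURL.Hostname(); host != "" {
				c.Domain = host
			}
		}
	}

	http.SetCookie(w, c)
}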
see #5792