traefik-forward-auth

Implemented --disable-httponly-cookie

Open kettenbach-it opened this issue 4 years ago • 2 comments

The new option disables the HTTPOnly flag so that JS can access the cookie. This might be a security risk; that's why it's enabled by default. Only use it if you know what you're doing.

kettenbach-it, Feb 17 '20 18:02

I think it would be a good idea to warn the user in the help about this security risk.

SuperSandro2000, Feb 18 '20 01:02

I'm 👍 for this change but it will need a few tweaks. I'm happy with the name, but this will need a few formatting tweaks (indentation on Config object, this should be fixed with go fmt) and content tweaks (I don't believe the usage output actually matches what is printed with --help).

thomseddon, Jun 30 '20 20:06
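
The behaviour discussed in this thread, as an added example that is not code from the pull request or from traefik-forward-auth: a cookie builder that keeps HttpOnly on unless an opt-out is set, and a check that lists which cookies in a set of `Set-Cookie` headers are readable from JavaScript. The `Config` field name, the cookie name and the cookie value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// Config is a hypothetical stand-in for the project's configuration object.
type Config struct {
	// Assumed field backing --disable-httponly-cookie; the zero value keeps HttpOnly on.
	DisableHTTPOnlyCookie bool
}

// authCookie builds the session cookie. HttpOnly is set unless the operator
// explicitly opted out, so the default stays the safe one.
func authCookie(cfg Config, value string) *http.Cookie {
	return &http.Cookie{
		Name:     "_auth_example", // constructed name, not taken from the project
		Value:    value,
		Path:     "/",
		Secure:   true,
		HttpOnly: !cfg.DisableHTTPOnlyCookie,
	}
}

// scriptReadable parses raw Set-Cookie header values and returns the names of
// cookies without the HttpOnly attribute, i.e. those exposed to document.cookie.
func scriptReadable(setCookie []string) []string {
	resp := http.Response{Header: http.Header{"Set-Cookie": setCookie}}
	var names []string
	for _, c := range resp.Cookies() {
		if !c.HttpOnly {
			names = append(names, c.Name)
		}
	}
	return names
}

func main() {
	for _, cfg := range []Config{{DisableHTTPOnlyCookie: false}, {DisableHTTPOnlyCookie: true}} {
		h := authCookie(cfg, "constructed-value").String()
		fmt.Printf("disable=%v\n  Set-Cookie: %s\n  script-readable: %v\n",
			cfg.DisableHTTPOnlyCookie, h, scriptReadable([]string{h}))
	}
}
```

Running `scriptReadable` over the `Set-Cookie` headers captured from a deployment is a quick way to confirm whether the opt-out has been enabled there.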