traefik-forward-auth
traefik-forward-auth copied to clipboard
Implemented --disable-httponly-cookie
The new option disables the HTTPOnly flag so that JS can access the cookie. This might be a security risk, that's why it's enabled by default. Only use it, if you know, what you're doing.
I think it would be a good idea to warn the user in the help about this security risk.
I'm 👍 for this change but it will need a few tweaks, I'm happy with the name but this will need a few formatting tweaks (indentation on Config object, this should be fixed with go fmt
) and content tweaks (I don't believe the the usage output actually matches what is printed with --help
)