From d4ca478b4449b9d3a55e7c671e42236b2b5d84de Mon Sep 17 00:00:00 2001
From: William Petit
Date: Tue, 13 Oct 2020 14:56:28 +0200
Subject: [PATCH 1/2] =?UTF-8?q?Mise=20=C3=A0=20jour=20goweb-oidc?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 6cd238b..46898fe 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module forge.cadoles.com/Cadoles/daddy
 go 1.14
 
 require (
- forge.cadoles.com/wpetit/goweb-oidc v0.0.0-20201013111944-d43b43b636ed
+ forge.cadoles.com/wpetit/goweb-oidc v0.0.0-20201013125038-8d8d1519a52d
 forge.cadoles.com/wpetit/hydra-passwordless v0.0.0-20200908094025-38ac4422dddc // indirect
 github.com/99designs/gqlgen v0.11.3
 github.com/alecthomas/chroma v0.8.1 // indirect
diff --git a/go.sum b/go.sum
index fcc39b0..193f131 100644
--- a/go.sum
+++ b/go.sum
@@ -41,6 +41,8 @@ forge.cadoles.com/wpetit/goweb-oidc v0.0.0-20201013085949-5d5592098f13 h1:gZCo9p
 forge.cadoles.com/wpetit/goweb-oidc v0.0.0-20201013085949-5d5592098f13/go.mod h1:phGAWHUGKNZj044478BvRg0jk049uK1IiX2Amh8krAk=
 forge.cadoles.com/wpetit/goweb-oidc v0.0.0-20201013111944-d43b43b636ed h1:7dTCXOGxvAulu9vnOjpt2cTgsuxMHX4FH795/JJgo08=
 forge.cadoles.com/wpetit/goweb-oidc v0.0.0-20201013111944-d43b43b636ed/go.mod h1:phGAWHUGKNZj044478BvRg0jk049uK1IiX2Amh8krAk=
+forge.cadoles.com/wpetit/goweb-oidc v0.0.0-20201013125038-8d8d1519a52d h1:o+Ppy/MyT5UgbtUYI2J1YqS3iuThxOuNFenYoPgKZKk=
+forge.cadoles.com/wpetit/goweb-oidc v0.0.0-20201013125038-8d8d1519a52d/go.mod h1:phGAWHUGKNZj044478BvRg0jk049uK1IiX2Amh8krAk=
 forge.cadoles.com/wpetit/hydra-passwordless v0.0.0-20200908094025-38ac4422dddc h1:9gc/1qizPtK6/iMVlizknWUFii75ntl2xSUV/FSC92Y=
 forge.cadoles.com/wpetit/hydra-passwordless v0.0.0-20200908094025-38ac4422dddc/go.mod h1:nANHORi270d5jDXjeJ7B3pMgK9R4J0/17p1IIc+rhOk=
 github.com/99designs/gqlgen v0.11.3 h1:oFSxl1DFS9X///uHV3y6CEfpcXWrDUxVblR4Xib2bs4=
From 4ee3de773c311901db5e7b00c08eeff4144c1692 Mon Sep 17 00:00:00 2001
From: William Petit
Date: Tue, 13 Oct 2020 14:59:25 +0200
Subject: [PATCH 2/2] =?UTF-8?q?Possibilit=C3=A9=20de=20configurer=20les=20?= =?UTF-8?q?options=20du=20cookie?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cmd/server/container.go | 3 ++-
 internal/config/config.go | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/cmd/server/container.go b/cmd/server/container.go
index 925aa19..8694e24 100644
--- a/cmd/server/container.go
+++ b/cmd/server/container.go
@@ -79,8 +79,9 @@ func getServiceContainer(ctx context.Context, conf *config.Config) (*service.Con
 // Define default cookie options
 sessionStore.SessionOpts.Path = "/"
 sessionStore.SessionOpts.HttpOnly = true
+ sessionStore.SessionOpts.Secure = conf.HTTP.CookieSecure
 sessionStore.SessionOpts.MaxAge = conf.HTTP.CookieMaxAge
- sessionStore.SessionOpts.SameSite = http.SameSiteStrictMode
+ sessionStore.SessionOpts.SameSite = http.SameSiteLaxMode
 
 ctn.Provide(
 session.ServiceName,
diff --git a/internal/config/config.go b/internal/config/config.go
index 9f37b55..2036d28 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -47,6 +47,7 @@ type HTTPConfig struct {
 CookieAuthenticationKey string `yaml:"cookieAuthenticationKey" env:"HTTP_COOKIE_AUTHENTICATION_KEY"`
 CookieEncryptionKey string `yaml:"cookieEncryptionKey" env:"HTTP_COOKIE_ENCRYPTION_KEY"`
 CookieMaxAge int `yaml:"cookieMaxAge" env:"HTTP_COOKIE_MAX_AGE"`
+ CookieSecure bool `yaml:"cookieSecure" env:"HTTP_COOKIE_SECURE"`
 TemplateDir string `yaml:"templateDir" env:"HTTP_TEMPLATE_DIR"`
 PublicDir string `yaml:"publicDir" env:"HTTP_PUBLIC_DIR"`
 FrontendURL string `yaml:"frontendURL" env:"HTTP_FRONTEND_URL"`
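Review bot: The change from `http.SameSiteStrictMode` to `http.SameSiteLaxMode` in cmd/server/container.go loosens the session cookie with no recorded reason, and unlike `Secure` it stays hard-coded. If the motive is the OIDC callback (presumably so, given the goweb-oidc bump in patch 1/2), a comment on that line should say it, for example `// Lax: the OIDC callback is a cross-site top-level GET; a Strict cookie would not be sent with it.` With Lax the session cookie accompanies cross-site top-level GET navigations, so any GET handler that changes state has to carry its own CSRF check; nothing in the hunk shows whether that holds. getServiceContainer starts and ends outside the hunk.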
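Review bot: `CookieSecure` in internal/config/config.go is a plain `bool`, so a deployment that sets neither `cookieSecure` nor `HTTP_COOKIE_SECURE` gets `false` unless a default is assigned elsewhere, and the session cookie is then issued without the Secure attribute. The code that builds the default HTTPConfig is not in this hunk; if it does not already do so, it should set `CookieSecure: true`, so that sending the cookie over plain HTTP is an explicit opt-out for local development rather than the fallback. A field comment such as `// CookieSecure sets the Secure attribute on the session cookie; disable only for local plain-HTTP development.` would record that intent. The HTTPConfig struct starts and ends outside the hunk.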