Added an option to disable https-only

2 years ago · d07b1d4dba
3 changed files with 10 additions and 7 deletions
--- a/config/config.go
+++ b/config/config.go
@ -14,10 +14,11 @@ type Device struct {
				@@ -14,10 +14,11 @@ type Device struct {
 }

 type config struct {
-	Server     string
-	PassHash   string
-	SessionTTL float64
-	Devices    []Device
+	Server        string
+	PassHash      string
+	SessionTTL    float64
+	StrictCookies bool
+	Devices       []Device
 }

 var Config config
@ -26,8 +27,9 @@ var configPath string
				@@ -26,8 +27,9 @@ var configPath string

 func init() {
 	Config = config{
-		Server:     ":8080",
-		SessionTTL: 10,
+		Server:        ":8080",
+		SessionTTL:    10,
+		StrictCookies: true,
 	}

 	// Locations to look for a config file for
--- a/example/config.toml
+++ b/example/config.toml
@ -1,6 +1,7 @@
				@@ -1,6 +1,7 @@
 Server = ":8080" # The address the webserver should bind to
 PassHash = "$2a$10$I.26oCzkjZ8qwfhbmeYM3.kppBjxtPsxkeE1Y.ULjVvA1IBPcQP42" # "password"
 SessionTTL = 10  # How many minutes sessions last for
+StrictCookies = true # Whether to use the strict cookie policy (HTTPS Only)

 [[Devices]]
  Alias = "SomeDevice"
--- a/web/auth.go
+++ b/web/auth.go
@ -59,7 +59,7 @@ func auth(c echo.Context) error {
				@@ -59,7 +59,7 @@ func auth(c echo.Context) error {
 		Name:     "session",
 		Value:    token,
 		Path:     "/",
-		Secure:   true,
+		Secure:   config.Config.StrictCookies,
 		HttpOnly: true,
 		SameSite: http.SameSiteStrictMode,
 	})