From d07b1d4dba9f784c16d06565f6dfe1f564ed5a58 Mon Sep 17 00:00:00 2001 From: adro Date: Thu, 28 Apr 2022 11:08:11 +0200 Subject: [PATCH] Added an option to disable https-only --- config/config.go | 14 ++++++++------ example/config.toml | 1 + web/auth.go | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/config/config.go b/config/config.go index 580b99e..2ca0475 100644 --- a/config/config.go +++ b/config/config.go @@ -14,10 +14,11 @@ type Device struct { } type config struct { - Server string - PassHash string - SessionTTL float64 - Devices []Device + Server string + PassHash string + SessionTTL float64 + StrictCookies bool + Devices []Device } var Config config @@ -26,8 +27,9 @@ var configPath string func init() { Config = config{ - Server: ":8080", - SessionTTL: 10, + Server: ":8080", + SessionTTL: 10, + StrictCookies: true, } // Locations to look for a config file for diff --git a/example/config.toml b/example/config.toml index f388eca..90c7155 100644 --- a/example/config.toml +++ b/example/config.toml @@ -1,6 +1,7 @@ Server = ":8080" # The address the webserver should bind to PassHash = "$2a$10$I.26oCzkjZ8qwfhbmeYM3.kppBjxtPsxkeE1Y.ULjVvA1IBPcQP42" # "password" SessionTTL = 10 # How many minutes sessions last for +StrictCookies = true # Whether to use the strict cookie policy (HTTPS Only) [[Devices]] Alias = "SomeDevice" diff --git a/web/auth.go b/web/auth.go index e11fd3d..6ec7d16 100644 --- a/web/auth.go +++ b/web/auth.go @@ -59,7 +59,7 @@ func auth(c echo.Context) error { Name: "session", Value: token, Path: "/", - Secure: true, + Secure: config.Config.StrictCookies, HttpOnly: true, SameSite: http.SameSiteStrictMode, })