config: validate cookie_secure option (#4484)

Do not allow the combination of 'cookie_same_site: none' and
'cookie_secure: false'.

Cookies with SameSite=None must also set the Secure option, see
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#none.
Kenneth Jenkins 2023-08-23 10:43:01 -07:00 committed by GitHub
parent c95f1695ec
commit 5a4acc5cd3
2 changed files with 6 additions and 0 deletions


@ -62,6 +62,9 @@ func Test_Validate(t *testing.T) {
missingStorageDSN.DataBrokerStorageType = "redis"
badSignoutRedirectURL := testOptions()
badSignoutRedirectURL.SignOutRedirectURLString = "--"
badCookieSettings := testOptions()
badCookieSettings.CookieSameSite = "none"
badCookieSettings.CookieSecure = false
tests := []struct {
name string
@ -76,6 +79,7 @@ func Test_Validate(t *testing.T) {
{"invalid databroker storage type", invalidStorageType, true},
{"missing databroker storage dsn", missingStorageDSN, true},
{"invalid signout redirect url", badSignoutRedirectURL, true},
{"CookieSameSite none with CookieSecure fale", badCookieSettings, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
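Review bot: The new table entry's name has a typo ("fale") that will show up in every test report for this case; it should read `{"CookieSameSite none with CookieSecure false", badCookieSettings, true},`. The table also pins only the rejecting path: a companion entry built from testOptions() with CookieSameSite set to "none" and CookieSecure left true, expected to validate, would guard against the new check in the other changed file (not shown here) rejecting the legitimate SameSite=None-with-Secure combination. Test_Validate continues outside the hunk.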