config: allow dynamic configuration of cookie settings (#1267)

Caleb Doxsey 2020-08-13 08:11:34 -06:00 committed by GitHub
parent 0c51ad0e66
commit fbf5b403b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 184 additions and 165 deletions


@ -25,12 +25,15 @@ func (p *Proxy) registerDashboardHandlers(r *mux.Router) *mux.Router {
// 2. AuthN - Verify the user is authenticated. Set email, group, & id headers
h.Use(p.AuthenticateSession)
// 3. Enforce CSRF protections for any non-idempotent http method
h.Use(csrf.Protect(
p.cookieSecret,
csrf.Secure(p.cookieOptions.Secure),
csrf.CookieName(fmt.Sprintf("%s_csrf", p.cookieOptions.Name)),
csrf.ErrorHandler(httputil.HandlerFunc(httputil.CSRFFailureHandler)),
))
h.Use(func(h http.Handler) http.Handler {
opts := p.currentOptions.Load()
return csrf.Protect(
p.cookieSecret,
csrf.Secure(opts.CookieSecure),
csrf.CookieName(fmt.Sprintf("%s_csrf", opts.CookieName)),
csrf.ErrorHandler(httputil.HandlerFunc(httputil.CSRFFailureHandler)),
)(h)
})
// dashboard endpoints can be used by user's to view, or modify their session
h.Path("/").HandlerFunc(p.UserDashboard).Methods(http.MethodGet)
h.Path("/sign_out").HandlerFunc(p.SignOut).Methods(http.MethodGet, http.MethodPost)
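Review bot: In the new `h.Use(func(h http.Handler) http.Handler { ... })` wrapper the CSRF cookie name and Secure flag come from `p.currentOptions.Load()`, but the signing key is still `p.cookieSecret`. Unless that field is refreshed elsewhere in this commit (not visible here), a reloaded cookie secret would not reach the CSRF middleware while the other cookie settings do. A comment should also state when the closure runs: if the router applies middleware per request, `csrf.Protect` is rebuilt on every request, and if it applies it once, the options are frozen at registration and a reload never changes the CSRF cookie. The closure parameter `h` shadows the sub-router `h`; `func(next http.Handler) http.Handler` ending in `)(next)` would read more clearly. registerDashboardHandlers starts and ends outside the hunk.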