providers/proxy: fix redis cookies missing strict path (#7135)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
bc595a9724
commit
dd7d3bf738
|
@ -50,6 +50,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
|
|||
Domain: *p.CookieDomain,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
MaxAge: maxAge,
|
||||
Path: externalHost.Path,
|
||||
})
|
||||
|
||||
a.log.Trace("using redis session backend")
|
||||
|
@ -66,11 +67,11 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
|
|||
// Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
|
||||
cs.MaxLength(math.MaxInt)
|
||||
cs.Options.HttpOnly = true
|
||||
if strings.ToLower(externalHost.Scheme) == "https" {
|
||||
cs.Options.Secure = true
|
||||
}
|
||||
cs.Options.Secure = strings.ToLower(externalHost.Scheme) == "https"
|
||||
cs.Options.Domain = *p.CookieDomain
|
||||
cs.Options.SameSite = http.SameSiteLaxMode
|
||||
cs.Options.MaxAge = maxAge
|
||||
cs.Options.Path = externalHost.Path
|
||||
a.log.WithField("dir", dir).Trace("using filesystem session backend")
|
||||
return cs
|
||||
}
|
||||
|
|
Reference in a new issue