go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-17 00:17:40 +02:00
Code Issues Releases Activity

Add configuration for cookie 'SameSite' value.

Browse Source 
Values of 'lax' and 'strict' can improve and mitigate
some categories of cross-site traffic tampering.

Given that the nature of this proxy is often to proxy
private tools, this is useful to take advantage of.

See: https://www.owasp.org/index.php/SameSite
This commit is contained in:
Paul Groudas
2019-12-16 13:10:04 -05:00
parent 90f8117fba
commit 5d0827a028
8 changed files with 45 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
main.go
View File

@ -86,6 +86,7 @@ func main() {
flagSet.Duration("cookie-refresh", time.Duration(0), "refresh the cookie after this duration; 0 to disable")
flagSet.Bool("cookie-secure", true, "set secure (HTTPS) cookie flag")
flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie flag")
flagSet.String("cookie-samesite", "", "set SameSite cookie attribute (ie: \"lax\", \"strict\", \"none\", or \"\"). ")
flagSet.String("session-store-type", "cookie", "the session storage provider to use")
flagSet.String("redis-connection-url", "", "URL of redis server for redis session storage (eg: redis://HOST[:PORT])")