always set httponly (there is no good reason not to); simplify httponly and expire flags

2025-06-15 00:15:00 +02:00 · 2014-11-08 13:26:55 -05:00
parent 6cdf05e7f2
commit bc26835076
3 changed files with 13 additions and 22 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -184,27 +184,14 @@ func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val st
 	if *cookieDomain != "" && strings.HasSuffix(domain, *cookieDomain) {
 		domain = *cookieDomain
 	}
-	need_expire := true
-	expire := time.Now().Add(time.Duration(*cookieExpire))
-	if *cookieExpire == 0 {
-		need_expire = false
-	}
-	http_only := true
-	secure := false
-	if *cookieSecure {
-		http_only = false
-		secure = true
-	}
 	cookie := &http.Cookie{
 		Name:     p.CookieKey,
 		Value:    signedCookieValue(p.CookieSeed, p.CookieKey, val),
 		Path:     "/",
 		Domain:   domain,
-		HttpOnly: http_only,
-		Secure:   secure,
-	}
-	if need_expire {
-		cookie.Expires = expire
+		HttpOnly: true,
+		Secure:   *cookieHttpsOnly,
+		Expires:  time.Now().Add(*cookieExpire),
 	}
 	http.SetCookie(rw, cookie)
 }