* Allow multiple cookie domains to be specified
* Use X-Forwarded-Host, if it exists, when selecting cookie domain
* Perform cookie domain sorting in config validation phase
* Extract get domain cookies to a single function
* Update pkg/cookies/cookies.go
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
* Update changelog
Co-authored-by: Marcos Lilljedahl <marcosnils@gmail.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Upgrade base image tags and golangci-lint
* Upgrade golang and golangci-lint in travis-ci
* fix: tests, pointed out by golangci-lint and format files
* Upgrade dependencies
* update changelog
* fix: tests related to https://github.com/pusher/oauth2_proxy/pull/418
* Separate tests using go version build tags
* Update CHANGELOG
* Revert "Separate tests using go version build tags"
This reverts commit 9b7e65eb90cae954dc7b6316345d3207205d488a.
* fix test to support go1.14 and go1.13
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Values of 'lax' and 'strict' can improve and mitigate
some categories of cross-site traffic tampering.
Given that the nature of this proxy is often to proxy
private tools, this is useful to take advantage of.
See: https://www.owasp.org/index.php/SameSite
