New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Control Cookie Domain #3409

Open

bigkevmcd opened this issue Feb 15, 2023 · 0 comments

Labels

type/enhancement

Contributor

bigkevmcd commented Feb 15, 2023

Problem
The Cookie we set is not secure (this should be enabled by default) and does not set the request domain.

We should configure the request domain to control where the cookie is sent https://pkg.go.dev/net/http#Cookie

Solution
Allow configuring the Cookie domain.

And maybe allow disabling the Secure cookie (for test purposes).

Additional context
We don't want cookies to be sent outside of the originating domain!

bigkevmcd added the type/enhancement label

bigkevmcd mentioned this issue

High-Impact Subdomain Takeover weaveworks/weave-gitops-private#109

Open

15 tasks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment