mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Enable secure and httpOnly option for sessions
These are 2 measures for improving security of cookies. One is used to not send the cookie over HTTP (only HTTPS) and the other tells the browser to disallow client-side code accessing the cookie.
This commit is contained in:
parent
6e3a9494ce
commit
92b78f7c15
|
@ -5,6 +5,8 @@ services:
|
|||
restart: always
|
||||
volumes:
|
||||
- ./config.template.yml:/etc/authelia/config.yml:ro
|
||||
environment:
|
||||
- NODE_TLS_REJECT_UNAUTHORIZED=0
|
||||
depends_on:
|
||||
- redis
|
||||
networks:
|
||||
|
|
|
@ -6,6 +6,8 @@ services:
|
|||
volumes:
|
||||
- ./config.template.yml:/etc/authelia/config.yml:ro
|
||||
- ./notifications:/var/lib/authelia/notifications
|
||||
environment:
|
||||
- NODE_TLS_REJECT_UNAUTHORIZED=0
|
||||
depends_on:
|
||||
- redis
|
||||
networks:
|
||||
|
|
|
@ -35,6 +35,7 @@ http {
|
|||
proxy_set_header X-Original-URI $request_uri;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
proxy_pass http://authelia/;
|
||||
|
||||
|
@ -73,6 +74,7 @@ http {
|
|||
internal;
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Content-Length "";
|
||||
|
||||
|
@ -126,6 +128,7 @@ http {
|
|||
internal;
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Content-Length "";
|
||||
|
||||
|
@ -162,6 +165,7 @@ http {
|
|||
internal;
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Content-Length "";
|
||||
|
||||
|
@ -198,6 +202,7 @@ http {
|
|||
internal;
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Content-Length "";
|
||||
|
||||
|
@ -234,6 +239,7 @@ http {
|
|||
internal;
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Content-Length "";
|
||||
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
#! /usr/bin/env node
|
||||
|
||||
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
|
||||
|
||||
import Server from "./lib/Server";
|
||||
import { GlobalDependencies } from "../types/Dependencies";
|
||||
import YAML = require("yamljs");
|
||||
|
|
|
@ -23,8 +23,8 @@ import * as http from "http";
|
|||
const addRequestId = require("express-request-id")();
|
||||
|
||||
// Constants
|
||||
|
||||
const TRUST_PROXY = "trust proxy";
|
||||
const X_POWERED_BY = "x-powered-by";
|
||||
const VIEWS = "views";
|
||||
const VIEW_ENGINE = "view engine";
|
||||
const PUG = "pug";
|
||||
|
@ -54,9 +54,9 @@ export default class Server {
|
|||
app.use(BodyParser.json());
|
||||
app.use(deps.session(expressSessionOptions));
|
||||
app.use(addRequestId);
|
||||
app.disable("x-powered-by");
|
||||
app.disable(X_POWERED_BY);
|
||||
app.enable(TRUST_PROXY);
|
||||
|
||||
app.set(TRUST_PROXY, 1);
|
||||
app.set(VIEWS, viewsDirectory);
|
||||
app.set(VIEW_ENGINE, PUG);
|
||||
|
||||
|
|
|
@ -12,7 +12,8 @@ export class SessionConfigurationBuilder {
|
|||
resave: false,
|
||||
saveUninitialized: true,
|
||||
cookie: {
|
||||
secure: false,
|
||||
secure: true,
|
||||
httpOnly: true,
|
||||
maxAge: configuration.session.expiration,
|
||||
domain: configuration.session.domain
|
||||
},
|
||||
|
|
|
@ -73,7 +73,8 @@ describe("test session configuration builder", function () {
|
|||
resave: false,
|
||||
saveUninitialized: true,
|
||||
cookie: {
|
||||
secure: false,
|
||||
secure: true,
|
||||
httpOnly: true,
|
||||
maxAge: 3600,
|
||||
domain: "example.com"
|
||||
}
|
||||
|
@ -153,7 +154,8 @@ describe("test session configuration builder", function () {
|
|||
resave: false,
|
||||
saveUninitialized: true,
|
||||
cookie: {
|
||||
secure: false,
|
||||
secure: true,
|
||||
httpOnly: true,
|
||||
maxAge: 3600,
|
||||
domain: "example.com"
|
||||
},
|
||||
|
|
Loading…
Reference in New Issue
Block a user