mirror of
https://github.com/project-zot/zot.git
synced 2026-06-17 21:17:58 +08:00
Andrei Aaron
029f6f0a29
Make the Secure flag for session cookies configurable based on Zot's TLS settings. This allows cookies to work properly when Zot is accessed over HTTP (without TLS). Changes: - Add SecureSession field to AuthConfig to allow explicit control - Add UseSecureSession() method that returns true when TLS is configured, or uses SecureSession setting if provided - Update saveUserLoggedSession() to accept and use secure parameter - Add tests for UseSecureSession() in config_test.go - Enhance authn tests to verify cookie Secure flag behavior - Fix TestAuthnSessionErrors by creating new client without cookies The logic is: - If TLS is configured, cookies always have Secure=true - If TLS is not configured but SecureSession is explicitly set, use that value - Otherwise, default to Secure=false for HTTP-only deployments Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>