mirror of
https://github.com/project-zot/zot.git
synced 2026-06-17 21:17:58 +08:00
029f6f0a29
Make the Secure flag for session cookies configurable based on Zot's TLS settings. This allows cookies to work properly when Zot is accessed over HTTP (without TLS).

Changes:
- Add SecureSession field to AuthConfig to allow explicit control
- Add UseSecureSession() method that returns true when TLS is configured, or uses SecureSession setting if provided
- Update saveUserLoggedSession() to accept and use secure parameter
- Add tests for UseSecureSession() in config_test.go
- Enhance authn tests to verify cookie Secure flag behavior
- Fix TestAuthnSessionErrors by creating new client without cookies

The logic is:
- If TLS is configured, cookies always have Secure=true
- If TLS is not configured but SecureSession is explicitly set, use that value
- Otherwise, default to Secure=false for HTTP-only deployments

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
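Added example, not part of this commit or of zot's code: a Go sketch of the three-step decision listed above, paired with a check of how a standards-following cookie jar treats the resulting flag. The function names, the cookie name `session` and the host `registry.example` are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// useSecureSession is a hypothetical stand-in for the decision the commit
// message describes; it is not zot's UseSecureSession() implementation.
func useSecureSession(tlsConfigured bool, secureSession *bool) bool {
	if tlsConfigured {
		return true // TLS configured: cookie is always Secure
	}
	if secureSession != nil {
		return *secureSession // no TLS, but an explicit setting was given
	}
	return false // plain-HTTP default
}

// cookieReturned reports whether Go's cookie jar sends a session cookie
// (constructed sample value) back to the origin it was set from.
func cookieReturned(origin string, secure bool) bool {
	u, err := url.Parse(origin)
	if err != nil {
		return false
	}
	jar, err := cookiejar.New(nil)
	if err != nil {
		return false
	}
	jar.SetCookies(u, []*http.Cookie{{
		Name: "session", Value: "constructed-value", Path: "/",
		Secure: secure, HttpOnly: true,
	}})
	return len(jar.Cookies(u)) == 1
}

func main() {
	on := true
	fmt.Println(cookieReturned("http://registry.example:5000/", useSecureSession(false, nil)))
	fmt.Println(cookieReturned("http://registry.example:5000/", useSecureSession(false, &on)))
	fmt.Println(cookieReturned("https://registry.example:5000/", useSecureSession(true, nil)))
}
```

A Secure cookie set over plain HTTP is stored by the jar but never sent back, which is why a session cookie with a hard-coded Secure flag fails on an HTTP-only deployment.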