Skip to content

Commit 62dc831

Browse files
deansheatherdeansheather
authored
fix: use httponly flag on coder_signed_app_token cookie (#18989)
1 parent c4b69bb commit 62dc831

File tree

1 file changed

+5
-4
lines changed

1 file changed

+5
-4
lines changed

coderd/workspaceapps/provider.go

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -77,10 +77,11 @@ func ResolveRequest(rw http.ResponseWriter, r *http.Request, opts ResolveRequest
7777
// For subdomain apps, this applies to the entire subdomain, e.g.
7878
// app--agent--workspace--user.apps.example.com
7979
http.SetCookie(rw, opts.CookieCfg.Apply(&http.Cookie{
80-
Name: codersdk.SignedAppTokenCookie,
81-
Value: tokenStr,
82-
Path: appReq.BasePath,
83-
Expires: token.Expiry.Time(),
80+
Name: codersdk.SignedAppTokenCookie,
81+
Value: tokenStr,
82+
Path: appReq.BasePath,
83+
HttpOnly: true,
84+
Expires: token.Expiry.Time(),
8485
}))
8586

8687
return token, true

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy