Commit 8023b2d5 authored by Olav Morken's avatar Olav Morken

Fix secure cookie set for http requests.

parent 66eea123
Pipeline #1664 passed with stage
in 2 minutes and 56 seconds
local headers = ngx.req.get_headers()
local scheme = headers["x-forwarded-proto"]
if not scheme then
scheme = ngx.var.scheme
end
local secure_flag = 'Secure; '
if scheme == 'http' then
secure_flag = ''
end
ngx.req.read_body()
local args, err = ngx.req.get_post_args()
if not args then
......@@ -8,5 +18,5 @@ end
local session = args['SessionId']
local returnTo = args['ReturnTo']
ngx.header['Set-Cookie'] = 'session=' .. session ..'; path=/; Secure; HttpOnly;'
ngx.header['Set-Cookie'] = 'session=' .. session ..'; path=/; ' .. secure_flag .. 'HttpOnly;'
return ngx.redirect(returnTo)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment