From 082b7c0ec8393d2cc3904f5ecfaca07db5e10b94 Mon Sep 17 00:00:00 2001 From: Mike Bland Date: Sat, 9 May 2015 15:16:26 -0400 Subject: [PATCH] Set cookie-refresh flag = 0; update README, config --- README.md | 2 ++ contrib/google_auth_proxy.cfg.example | 9 +++++++-- main.go | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8420d7c..bec6315 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ Usage of google_auth_proxy: -cookie-expire=168h0m0s: expire timeframe for cookie -cookie-httponly=true: set HttpOnly cookie flag -cookie-https-only=true: set secure (HTTPS) cookies (deprecated. use --cookie-secure setting) + -cookie-refresh=144h0m0s: refresh the cookie when this much time remains before expiration -cookie-secret="": the seed string for secure cookies -cookie-secure=true: set secure (HTTPS) cookie flag -custom-templates-dir="": path to custom html templates @@ -96,6 +97,7 @@ Usage of google_auth_proxy: -scope="": Oauth scope specification -skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times) -upstream=: the http url(s) of the upstream endpoint. If multiple, routing is based on path + -validate-url="": Access token validation endpoint -version=false: print version string ``` diff --git a/contrib/google_auth_proxy.cfg.example b/contrib/google_auth_proxy.cfg.example index cf4ff06..114b8ab 100644 --- a/contrib/google_auth_proxy.cfg.example +++ b/contrib/google_auth_proxy.cfg.example @@ -46,12 +46,17 @@ ## Cookie Settings -## Secret - the seed string for secure cookies +## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes +## for use with an AES cipher when cookie_refresh or pass_access_code +## is set ## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com) ## Expire - expire timeframe for cookie +## Refresh - refresh the cookie when less than this much time remains before +## expiration; should be less than cookie_expire; set to 0 to disable # cookie_secret = "" # cookie_domain = "" # cookie_expire = "168h" +# cookie_refresh = "144h" # cookie_secure = true # cookie_httponly = true - +# pass_access_code = true diff --git a/main.go b/main.go index e46a336..91da9ea 100644 --- a/main.go +++ b/main.go @@ -45,7 +45,7 @@ func main() { flagSet.String("cookie-secret", "", "the seed string for secure cookies") flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*") flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie") - flagSet.Duration("cookie-refresh", time.Duration(24)*time.Hour, "refresh the cookie when this much time remains before expiration") + flagSet.Duration("cookie-refresh", time.Duration(0)*time.Hour, "refresh the cookie when this much time remains before expiration") flagSet.Bool("cookie-https-only", true, "set secure (HTTPS) cookies (deprecated. use --cookie-secure setting)") flagSet.Bool("cookie-secure", true, "set secure (HTTPS) cookie flag") flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie flag")