Add flag to enable/disable cookie's HttpOnly flag.

2015-01-19 15:52:18 +00:00 · 2015-01-19 15:52:18 +00:00 · 132e3d91d6
commit 132e3d91d6
parent 9d264f304f
4 changed files with 9 additions and 3 deletions
--- a/contrib/google_auth_proxy.cfg.example
+++ b/contrib/google_auth_proxy.cfg.example
@ -42,3 +42,4 @@
 # cookie_domain = ""
 # cookie_expire = "168h"
 # cookie_https_only = true
+# cookie_httponly = true
--- a/main.go
+++ b/main.go
@ -41,6 +41,7 @@ func main() {
 	flagSet.String("cookie-domain", "", "an optional cookie domain to force cookies to (ie: .yourcompany.com)*")
 	flagSet.Duration("cookie-expire", time.Duration(168)*time.Hour, "expire timeframe for cookie")
 	flagSet.Bool("cookie-https-only", true, "set HTTPS only cookie")
+	flagSet.Bool("cookie-httponly", true, "set HttpOnly cookie")

 	flagSet.Parse(os.Args[1:])

--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -27,6 +27,7 @@ type OauthProxy struct {
 	CookieKey       string
 	CookieDomain    string
 	CookieHttpsOnly bool
+	CookieHttpOnly  bool
 	CookieExpire    time.Duration
 	Validator       func(string) bool

@ -67,12 +68,13 @@ func NewOauthProxy(opts *Options, validator func(string) bool) *OauthProxy {
 	if domain == "" {
 		domain = "<default>"
 	}
-	log.Printf("Cookie settings: https_only: %v expiry: %s domain:%s", opts.CookieHttpsOnly, opts.CookieExpire, domain)
+	log.Printf("Cookie settings: https_only: %v httponly: %v expiry: %s domain:%s", opts.CookieHttpsOnly, opts.CookieHttpOnly, opts.CookieExpire, domain)
 	return &OauthProxy{
 		CookieKey:       "_oauthproxy",
 		CookieSeed:      opts.CookieSecret,
 		CookieDomain:    opts.CookieDomain,
 		CookieHttpsOnly: opts.CookieHttpsOnly,
+		CookieHttpOnly:  opts.CookieHttpOnly,
 		CookieExpire:    opts.CookieExpire,
 		Validator:       validator,

@ -197,7 +199,7 @@ func (p *OauthProxy) ClearCookie(rw http.ResponseWriter, req *http.Request) {
 		Path:     "/",
 		Domain:   domain,
 		Expires:  time.Now().Add(time.Duration(1) * time.Hour * -1),
-		HttpOnly: true,
+		HttpOnly: p.CookieHttpOnly,
 	}
 	http.SetCookie(rw, cookie)
 }
@ -213,7 +215,7 @@ func (p *OauthProxy) SetCookie(rw http.ResponseWriter, req *http.Request, val st
 		Value:    signedCookieValue(p.CookieSeed, p.CookieKey, val),
 		Path:     "/",
 		Domain:   domain,
-		HttpOnly: true,
+		HttpOnly: p.CookieHttpOnly,
 		Secure:   p.CookieHttpsOnly,
 		Expires:  time.Now().Add(p.CookieExpire),
 	}
--- a/options.go
+++ b/options.go
@ -21,6 +21,7 @@ type Options struct {
 	CookieDomain            string        `flag:"cookie-domain" cfg:"cookie_domain" env:"GOOGLE_AUTH_PROXY_COOKIE_DOMAIN"`
 	CookieExpire            time.Duration `flag:"cookie-expire" cfg:"cookie_expire" env:"GOOGLE_AUTH_PROXY_COOKIE_EXPIRE"`
 	CookieHttpsOnly         bool          `flag:"cookie-https-only" cfg:"cookie_https_only"`
+	CookieHttpOnly          bool          `flag:"cookie-httponly" cfg:"cookie_httponly"`
 	AuthenticatedEmailsFile string        `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
 	GoogleAppsDomains       []string      `flag:"google-apps-domain" cfg:"google_apps_domains"`
 	Upstreams               []string      `flag:"upstream" cfg:"upstreams"`
@ -37,6 +38,7 @@ func NewOptions() *Options {
 		HttpAddress:         "127.0.0.1:4180",
 		DisplayHtpasswdForm: true,
 		CookieHttpsOnly:     true,
+		CookieHttpOnly:      true,
 		PassBasicAuth:       true,
 		CookieExpire:        time.Duration(168) * time.Hour,
 	}