Don't set the secure Cookie flag if TLS_FLAVOR=notls

Florent Daigniere 2 years ago
parent 8a90f83bd0
commit 505bb79a78

@ -39,7 +39,7 @@ def login():
flask.session.regenerate() flask.session.regenerate()
flask_login.login_user(user) flask_login.login_user(user)
response = flask.redirect(destination) response = flask.redirect(destination)
response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'), secure=app.config['SESSION_COOKIE_SECURE'], httponly=True) response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'), secure=False if app.config['TLS_FLAVOR'] == 'notls' else app.config['SESSION_COOKIE_SECURE'], httponly=True)
flask.current_app.logger.info(f'Login succeeded for {username} from {client_ip} pwned={form.pwned.data}.') flask.current_app.logger.info(f'Login succeeded for {username} from {client_ip} pwned={form.pwned.data}.')
if msg := utils.isBadOrPwned(form): if msg := utils.isBadOrPwned(form):
flask.flash(msg, "error") flask.flash(msg, "error")
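Review bot: The new `secure=` expression on the `set_cookie` line discards `SESSION_COOKIE_SECURE` outright whenever `TLS_FLAVOR` is `notls`, so a deployment that terminates TLS in front of Mailu and deliberately keeps the Secure flag on can no longer do so for the `rate_limit` cookie (whether the config layer lets operators set that value explicitly is not visible in this hunk). The identical inline conditional is repeated in the `MailuSessionInterface` hunk below, so the policy now lives in two call sites and any further cookie would need a third copy. It would be simpler and harder to get out of sync to derive the default once where the configuration is built — default `SESSION_COOKIE_SECURE` to `TLS_FLAVOR != 'notls'` unless the operator overrides it — and keep `secure=app.config['SESSION_COOKIE_SECURE']` here. Whichever form stays, the rationale deserves a comment next to it, e.g. `# browsers refuse a Secure cookie set over plain HTTP, so the flag is dropped when front serves no TLS`. `login()` begins above the hunk.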

@ -408,7 +408,7 @@ class MailuSessionInterface(SessionInterface):
httponly=self.get_cookie_httponly(app), httponly=self.get_cookie_httponly(app),
domain=self.get_cookie_domain(app), domain=self.get_cookie_domain(app),
path=self.get_cookie_path(app), path=self.get_cookie_path(app),
secure=self.get_cookie_secure(app), secure=False if app.config['TLS_FLAVOR'] == 'notls' else self.get_cookie_secure(app),
samesite=self.get_cookie_samesite(app) samesite=self.get_cookie_samesite(app)
) )
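Review bot: The inline `False if app.config['TLS_FLAVOR'] == 'notls' else self.get_cookie_secure(app)` on the `secure=` line bypasses the hook Flask provides for exactly this decision; `get_cookie_secure` is an overridable method of `SessionInterface`, and overriding it on `MailuSessionInterface` keeps the `set_cookie` call unchanged and gives the rule one named home with a docstring. Something like `def get_cookie_secure(self, app):` followed by `return app.config['TLS_FLAVOR'] != 'notls' and super().get_cookie_secure(app)` would do, with a short docstring stating that the flag is suppressed only when front serves no TLS. The `set_cookie` call this hunk belongs to starts above the hunk.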

@ -68,12 +68,12 @@ ENV \
FLASK_ENV="development" \ FLASK_ENV="development" \
MEMORY_SESSIONS="true" \ MEMORY_SESSIONS="true" \
RATELIMIT_STORAGE_URL="memory://" \ RATELIMIT_STORAGE_URL="memory://" \
SESSION_COOKIE_SECURE="false" \
\ \
DEBUG="true" \ DEBUG="true" \
DEBUG_PROFILER="${DEV_PROFILER}" \ DEBUG_PROFILER="${DEV_PROFILER}" \
DEBUG_ASSETS="/app/static" \ DEBUG_ASSETS="/app/static" \
DEBUG_TB_ENABLED="true" \ DEBUG_TB_ENABLED="true" \
DEBUG_TB_INTERCEPT_REDIRECTS=False \
\ \
IMAP_ADDRESS="127.0.0.1" \ IMAP_ADDRESS="127.0.0.1" \
POP3_ADDRESS="127.0.0.1" \ POP3_ADDRESS="127.0.0.1" \
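Review bot: `DEBUG_TB_INTERCEPT_REDIRECTS=False` is written unquoted and Python-cased while every neighbouring boolean in this `ENV` block uses the quoted lowercase form (`MEMORY_SESSIONS="true"`, `DEBUG="true"`), so it reads as a different kind of value; if this is the added line (the old/new side is not marked on this page), `DEBUG_TB_INTERCEPT_REDIRECTS="false"` would match the block's convention, assuming the consumer parses booleans case-insensitively — worth confirming against how the config reads it. The `ENV` instruction continues beyond the hunk.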
