Refactor Cookie Response for Abandon Auth Logins #135

fisher60 · 2024-06-19T05:07:18Z

Summary

We are using an insecure cookie policy that is setting cookies for the entire abandontech domain. Instead, we should only set cookies for the domain that abandonauth is hosted on. This should be possible by removing any explicit domain we are setting on cookies.

We also need to ensure we are using a secure cookie policy, we should still use secure=True and httponly=True in the UI response for setting cookies. Ideally, we can remove the separate cookie logic for debug mode versus prod deploy after we remove the explicit domain.

The text was updated successfully, but these errors were encountered:

fisher60 added enhancement New feature or request frontend Relates to UI/UX backend Relates to backend labels Jun 19, 2024

fisher60 changed the title ~~Refactor auth flow for abandon auth~~ Refactor Cookie Response for Abandon Auth Logins Jun 20, 2024

fisher60 removed the frontend Relates to UI/UX label Jun 20, 2024

fisher60 self-assigned this Jun 24, 2024

fisher60 mentioned this issue Jun 24, 2024

use env configuration for base URL, at http only to set cookie options #145

Merged

fisher60 closed this as completed in #145 Jun 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactor Cookie Response for Abandon Auth Logins #135

Refactor Cookie Response for Abandon Auth Logins #135

fisher60 commented Jun 19, 2024 •

edited

Loading

Refactor Cookie Response for Abandon Auth Logins #135

Refactor Cookie Response for Abandon Auth Logins #135

Comments

fisher60 commented Jun 19, 2024 • edited Loading

Summary

fisher60 commented Jun 19, 2024 •

edited

Loading