| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-05-08 | chore: bundle envoy with sparkle | mo khan | |
| 2025-05-08 | chore: add envoy config and make targets | mo khan | |
| 2025-05-08 | chore: add a docker compose file to try envoy | mo khan | |
| 2025-05-08 | refactor: move html render to data transfer object | mo khan | |
| 2025-05-08 | feat: test out a redirect page in staging | mo khan | |
| 2025-05-08 | feat: use a cookie prefix to lock down the session cookie | mo khan | |
| > __Host-: If a cookie name has this prefix, it's accepted in a > Set-Cookie header only if it's also marked with the Secure attribute, > was sent from a secure origin, does not include a Domain attribute, > and has the Path attribute set to /. In other words, the cookie is > domain-locked. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#cookie_prefixes | |||
| 2025-05-08 | chore: add link to signed cookie issue | mo khan | |
| 2025-05-08 | chore: add link to 404 issue | mo khan | |
| 2025-05-08 | fix: temporarily disable signed cookies in staging/production | mo khan | |
| 2025-05-08 | chore: write cookie validity to log | mo khan | |
| 2025-05-08 | feat: clear the oauth state cookie after usage | mo khan | |
| 2025-05-08 | chore: log the generated cookie | mo khan | |
| 2025-05-07 | feat: add a logo | mo khan | |
| 2025-05-07 | feat: add a favicon.ico | mo khan | |
| 2025-05-07 | feat: fallback to unsigned value | mo khan | |
| 2025-05-07 | refactor: use Mapper type | mo khan | |
| 2025-05-07 | feat: check if cookie is valid | mo khan | |
| 2025-05-07 | fix: do not clear set-cookie header | mo khan | |
| 2025-05-07 | fix: remove the csrf cookie after usage | mo khan | |
| 2025-05-07 | chore: log the expiration of the access token | mo khan | |
| 2025-05-07 | chore: log session cookie to understand why it is not being delivered | mo khan | |
| 2025-05-07 | fix: use same site lax mode to allow setting cooking on redirect | mo khan | |
| 2025-05-07 | docs: remove outdated screenshot | mo khan | |
| 2025-05-07 | refactor: provide context to repository to apply timeout | mo khan | |
| 2025-05-07 | feat: digitally sign and verify cookie using randomly generated key | mo khan | |
| 2025-05-07 | refactor: move test server to oidc package | mo khan | |
| 2025-05-07 | refactor: extract helper to log errors consistently | mo khan | |
| 2025-05-07 | refactor: delegate to cookie package | mo khan | |
| 2025-05-07 | refactor: inline options variable | mo khan | |
| 2025-05-07 | refactor: move cookie to web package | mo khan | |
| 2025-05-07 | refactor: delegate to cookie package to write to response stream | mo khan | |
| 2025-05-07 | refactor: delegate to cookie package | mo khan | |
| 2025-04-30 | fix: strict same site mode breaks redirects | mo khan | |
| 2025-04-30 | fix: adjust cookie expiration calculation | mo khan | |
| 2025-04-30 | fix: revert change to error message | mo khan | |
| 2025-04-30 | test: add test for each cookie option | mo khan | |
| 2025-04-30 | refactor: delegate to cookie.Reset to overload with options | mo khan | |
| 2025-04-30 | test: add test for resetting a cookie | mo khan | |
| 2025-04-30 | test: ensure tests work offline | mo khan | |
| 2025-04-30 | refactor: delegate to x package | mo khan | |
| 2025-04-30 | refactor: using existing helpers | mo khan | |
| 2025-04-30 | feat: extract other cookie options | mo khan | |
| 2025-04-30 | fix: prepend default option | mo khan | |
| 2025-04-30 | refactor: extract generic function to create and initialize any type | mo khan | |
| 2025-04-30 | refactor: extract Option[T] and cleaner API for creating cookies | mo khan | |
| 2025-04-30 | refactor: extract cookie options | mo khan | |
| 2025-04-30 | fix: the CSRF cookie needs to have a same site lax mode | mo khan | |
| 2025-04-30 | fix: disable secure cookies in development mode | mo khan | |
| 2025-04-29 | feat: use same site strict mode | mo khan | |
| > Strict causes the browser to only send the cookie in response to > requests originating from the cookie's origin site. This should be > used when you have cookies relating to functionality that will > always be behind an initial navigation, such as authentication or > storing shopping cart information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#controlling_third-party_cookies_with_samesite | |||
| 2025-04-29 | Use secure and http flag on cookies everywhere | mo khan | |
| > A cookie with the Secure attribute is only sent to the server with > an encrypted request over the HTTPS protocol. It's never sent with > unsecured HTTP (except on localhost), which means man-in-the-middle > attackers can't access it easily. Insecure sites (with http: in the > URL) can't set cookies with the Secure attribute. However, don't > assume that Secure prevents all access to sensitive information in > cookies. For example, someone with access to the client's hard disk > (or JavaScript if the HttpOnly attribute isn't set) can read and > modify the information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies | |||
 |
index : gitlab/sparkled.git | |
| GitLab CI/CD utilities | git |
| summaryrefslogtreecommitdiff |