| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-05-15 | refactor: delete code that is now handled by envoy | mo khan | |
| 2025-05-11 | refactor: inline unncessary method | mo khan | |
| 2025-05-11 | feat: add endpoint to reflect JWT body | mo khan | |
| 2025-05-11 | test: test envoy and sparkle via testcontainers | mo khan | |
| 2025-05-08 | feat: use a cookie prefix to lock down the session cookie | mo khan | |
| > __Host-: If a cookie name has this prefix, it's accepted in a > Set-Cookie header only if it's also marked with the Secure attribute, > was sent from a secure origin, does not include a Domain attribute, > and has the Path attribute set to /. In other words, the cookie is > domain-locked. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#cookie_prefixes | |||
| 2025-05-07 | feat: digitally sign and verify cookie using randomly generated key | mo khan | |
| 2025-04-30 | fix: revert change to error message | mo khan | |
| 2025-04-30 | fix: the CSRF cookie needs to have a same site lax mode | mo khan | |
| 2025-04-28 | feat: validate the csrf token | mo khan | |
| 2025-04-28 | feat: redirect to login page when session is established | mo khan | |
| 2025-04-28 | refactor: move token exchange into service class | mo khan | |
| 2025-04-28 | refactor: extract a session service class | mo khan | |
 |
index : gitlab/sparkled.git | |
| GitLab CI/CD utilities | git |
| summaryrefslogtreecommitdiff |