| Age | Commit message | Author | |
|---|---|---|---|
| 2025-05-28 | refactor: delete jwt verification code | mo khan | |
| 2025-05-11 | refactor: inline unnecessary method | mo khan | |
| 2025-05-11 | refactor: use same cookie names as envoy plugin | mo khan | |
| 2025-05-11 | feat: read HMAC_SESSION_SECRET env variable | mo khan | |
| 2025-05-09 | refactor: delegate to WriteCookie to validate cookie | mo khan | |
| 2025-05-09 | feat: attempt to sign cookies on staging/production | mo khan | |
| 2025-05-08 | feat: use a cookie prefix to lock down the session cookie | mo khan | |
| | > `__Host-`: If a cookie name has this prefix, it's accepted in a Set-Cookie header only if it's also marked with the Secure attribute, was sent from a secure origin, does not include a Domain attribute, and has the Path attribute set to /. In other words, the cookie is domain-locked. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#cookie_prefixes | | |
| 2025-05-08 | chore: add link to signed cookie issue | mo khan | |
| 2025-05-08 | fix: temporarily disable signed cookies in staging/production | mo khan | |
| 2025-05-07 | feat: fallback to unsigned value | mo khan | |
| 2025-05-07 | feat: check if cookie is valid | mo khan | |
| 2025-05-07 | feat: digitally sign and verify cookie using randomly generated key | mo khan | |
| 2025-05-07 | refactor: inline options variable | mo khan | |
| 2025-05-07 | refactor: move cookie to web package | mo khan | |
