gitlab/sparkled.git - GitLab CI/CD utilities

Age	Commit message (Collapse)	Author
2025-04-30	test: add test for each cookie option	mo khan

2025-04-30	test: add test for resetting a cookie	mo khan

2025-04-30	test: ensure tests work offline	mo khan

2025-04-30	refactor: extract Option[T] and cleaner API for creating cookies	mo khan

2025-04-30	fix: the CSRF cookie needs to have a same site lax mode	mo khan

2025-04-30	fix: disable secure cookies in development mode	mo khan

2025-04-29	feat: use same site strict mode	mo khan
	> Strict causes the browser to only send the cookie in response to > requests originating from the cookie's origin site. This should be > used when you have cookies relating to functionality that will > always be behind an initial navigation, such as authentication or > storing shopping cart information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#controlling_third-party_cookies_with_samesite
2025-04-29	Use secure and http flag on cookies everywhere	mo khan
	> A cookie with the Secure attribute is only sent to the server with > an encrypted request over the HTTPS protocol. It's never sent with > unsecured HTTP (except on localhost), which means man-in-the-middle > attackers can't access it easily. Insecure sites (with http: in the > URL) can't set cookies with the Secure attribute. However, don't > assume that Secure prevents all access to sensitive information in > cookies. For example, someone with access to the client's hard disk > (or JavaScript if the HttpOnly attribute isn't set) can read and > modify the information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies
2025-04-29	feat: ensure cookie is not accessible to js and one transmitted over tls in ↵	mo khan
	production
2025-04-15	feat: create session cookie tied to access token	mo khan