| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2025-05-07 | refactor: move cookie to web package | mo khan | |
| 2025-05-07 | refactor: delegate to cookie package | mo khan | |
| 2025-04-30 | fix: strict same site mode breaks redirects | mo khan | |
| 2025-04-30 | test: add test for each cookie option | mo khan | |
| 2025-04-30 | refactor: delegate to cookie.Reset to overload with options | mo khan | |
| 2025-04-30 | refactor: delegate to x package | mo khan | |
| 2025-04-30 | refactor: using existing helpers | mo khan | |
| 2025-04-30 | feat: extract other cookie options | mo khan | |
| 2025-04-30 | fix: prepend default option | mo khan | |
| 2025-04-30 | refactor: extract generic function to create and initialize any type | mo khan | |
| 2025-04-30 | refactor: extract Option[T] and cleaner API for creating cookies | mo khan | |
| 2025-04-30 | refactor: extract cookie options | mo khan | |
| 2025-04-30 | fix: the CSRF cookie needs to have a same site lax mode | mo khan | |
| 2025-04-30 | fix: disable secure cookies in development mode | mo khan | |
| 2025-04-29 | feat: use same site strict mode | mo khan | |
| > Strict causes the browser to only send the cookie in response to > requests originating from the cookie's origin site. This should be > used when you have cookies relating to functionality that will > always be behind an initial navigation, such as authentication or > storing shopping cart information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#controlling_third-party_cookies_with_samesite | |||
| 2025-04-29 | Use secure and http flag on cookies everywhere | mo khan | |
| > A cookie with the Secure attribute is only sent to the server with > an encrypted request over the HTTPS protocol. It's never sent with > unsecured HTTP (except on localhost), which means man-in-the-middle > attackers can't access it easily. Insecure sites (with http: in the > URL) can't set cookies with the Secure attribute. However, don't > assume that Secure prevents all access to sensitive information in > cookies. For example, someone with access to the client's hard disk > (or JavaScript if the HttpOnly attribute isn't set) can read and > modify the information. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies | |||
| 2025-04-29 | feat: ensure cookie is not accessible to js and one transmitted over tls in ↵ | mo khan | |
| production | |||
| 2025-04-28 | test: temporarily disable http and secure flags | mo khan | |
| 2025-04-28 | feat: do not allow js to access cookie | mo khan | |
| 2025-04-15 | feat: create session cookie tied to access token | mo khan | |
 |
index : gitlab/sparkled.git | |
| GitLab CI/CD utilities | git |
| summaryrefslogtreecommitdiff |