Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow setting cookie secure flag when requests are served through trusted proxies. #5

Closed
clems4ever opened this issue Apr 25, 2019 · 2 comments
Closed

Allow setting cookie secure flag when requests are served through trusted proxies. #5

clems4ever opened this issue Apr 25, 2019 · 2 comments

Comments

@clems4ever
Copy link
Contributor

@savsgio , when fasthttp server is behind a proxy and there is no TLS link between the proxy and the server because let say the server and the proxy are on the same host, the secure flag of the cookie should legitimately be set to true to enhance security.
I propose to add a configuration attribute called TrustedProxies being a list of strings being known and trusted IPs of proxies in order to mimic the behavior of the Express framework as described in this documentation: http://expressjs.com/en/guide/behind-proxies.html.

So what I propose is to check whether the connection is over TLS || (the remote IP is a trusted proxy && X-Forwarde-Proto is set to https) by modifying the following line:

session/cookie.go

Line 37 in 1f4f9f4

if ctx.IsTLS() && secure {

Would that sound reasonable to you?
@clems4ever
Copy link
Contributor Author

Here is the proposal: #6

@savsgio
Copy link
Member

savsgio commented Apr 26, 2019

Thanks for your PR!

@savsgio savsgio closed this as completed Apr 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@clems4ever @savsgio