Add cookie configuration

2025-03-03 02:33:02 +00:00 · 2019-07-09 00:00:44 +03:00 · 2019-07-09 00:00:44 +03:00 · b5cc858494
commit b5cc858494
parent 5c8519be1e
2 changed files with 22 additions and 1 deletions
--- a/server/config/default/apiserver.conf
+++ b/server/config/default/apiserver.conf
@ -41,6 +41,27 @@

        # cookie containing auth token, for requests arriving from a web-browser
        session_auth_cookie_name: "trains_token_basic"
+
+        # cookie configuration for authorization cookies generated by auth.login
+        cookies {
+            httponly: true  # allow only http to access the cookies (no JS etc)
+            secure: false   # not using HTTPS
+            domain: null    # Limit to localhost is not supported
+            max_age: 99999999999
+        }
+
+#        # A list of fixed users
+#        fixed_users {
+#            enabled: true
+#            users: [
+#                {
+#                    username: "john"
+#                    password: "123456"
+#                    name: "john doe"
+#                }
+#
+#            ]
+#        }
    }

    cors {
--- a/server/server.py
+++ b/server/server.py
@ -63,7 +63,7 @@ def before_request():

        if call.result.cookies:
            for key, value in call.result.cookies.items():
-                response.set_cookie(key, value, httponly=True)
+                response.set_cookie(key, value, **config.get("apiserver.auth.cookies"))

        return response
    except Exception as ex: