

Commit c874f35

committed
pr comments
1 parent 197b163 commit c874f35


4 files changed

+27
-20
lines changed


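--- a/cli/start.go
+++ b/cli/start.go
@@ -57,7 +57,7 @@ func start() *cobra.Command {
 useTunnel bool
 traceDatadog bool
 strictTransportSecurity bool
-secureCookie bool
+secureAuthCookie bool
 )
 root := &cobra.Command{
 Use: "start",
@@ -129,13 +129,13 @@ func start() *cobra.Command {
 }
 logger := slog.Make(sloghuman.Sink(os.Stderr))
 options := &coderd.Options{
-AccessURL: accessURLParsed,
-Logger: logger.Named("coderd"),
-Database: databasefake.New(),
-Pubsub: database.NewPubsubInMemory(),
-GoogleTokenValidator: validator,
-HSTS: strictTransportSecurity,
-SecureCookie: secureCookie,
+AccessURL: accessURLParsed,
+Logger: logger.Named("coderd"),
+Database: databasefake.New(),
+Pubsub: database.NewPubsubInMemory(),
+GoogleTokenValidator: validator,
+StrictTransportSecurity: strictTransportSecurity,
+SecureAuthCookie: secureAuthCookie,
 }
 
 if !dev {
@@ -338,8 +338,8 @@ func start() *cobra.Command {
 cliflag.BoolVarP(root.Flags(), &useTunnel, "tunnel", "", "CODER_DEV_TUNNEL", true, "Serve dev mode through a Cloudflare Tunnel for easy setup")
 _ = root.Flags().MarkHidden("tunnel")
 cliflag.BoolVarP(root.Flags(), &traceDatadog, "trace-datadog", "", "CODER_TRACE_DATADOG", false, "Send tracing data to a datadog agent")
-cliflag.BoolVarP(root.Flags(), &strictTransportSecurity, "strict-transport-security", "", "CODER_STRICT_TRANSPORT_SECURITY", false, "Set the 'strict-transport-security' header on http responses")
-cliflag.BoolVarP(root.Flags(), &secureCookie, "secure-cookie", "", "CODER_SECURE_COOKIE", false, "Set the 'Secure' property on browser session cookies")
+cliflag.BoolVarP(root.Flags(), &strictTransportSecurity, "strict-transport-security", "", "CODER_STRICT_TRANSPORT_SECURITY", false, `Specifies if the "strict-transport-security" header is set on http responses`)
+cliflag.BoolVarP(root.Flags(), &secureAuthCookie, "secure-auth-cookie", "", "CODER_SECURE_AUTH_COOKIE", false, "Specifies if the 'Secure' property is set on browser session cookies")
 
 return root
 }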
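Review bot: The rename at new line 342 changes both the flag (`--secure-cookie` to `--secure-auth-cookie`) and what is presumably the environment variable (`CODER_SECURE_COOKIE` to `CODER_SECURE_AUTH_COOKIE`) while the default stays `false`, so a deployment that still exports the old variable would start with the `Secure` attribute off and no error. If the old names ever shipped, keep honouring the old variable for a release with a deprecation warning, or refuse to start when it is set. Both this option and `--strict-transport-security` default to off, and the help text does not say when to enable them; consider `"Specifies if the 'Secure' property is set on browser session cookies; enable when the access URL is https"`. The two help strings also use different quoting styles (raw string with double quotes versus single quotes). `start()` begins outside these hunks.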

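--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -30,8 +30,8 @@ type Options struct {
 AWSCertificates awsidentity.Certificates
 GoogleTokenValidator *idtoken.Validator
 
-HSTS bool
-SecureCookie bool
+StrictTransportSecurity bool
+SecureAuthCookie bool
 }
 
 // New constructs the Coder API into an HTTP handler.
@@ -50,7 +50,7 @@ func New(options *Options) (http.Handler, func()) {
 r.Route("/api/v2", func(r chi.Router) {
 r.Use(
 chitrace.Middleware(),
-httpmw.HSTS(api.HSTS),
+httpmw.StrictTransportSecurity(api.StrictTransportSecurity),
 )
 r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 httpapi.Write(w, http.StatusOK, httpapi.Response{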
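Review bot: `httpmw.StrictTransportSecurity` is mounted inside the `/api/v2` route group at new line 53, so as far as this hunk shows only API responses carry the header. If the front end is served by the same handler outside that group, a browser whose first HTTPS response is a page load receives no HSTS policy until it makes an API call; applying the middleware on the outer router would cover every response. Separately, the renamed `Options` fields at new lines 33-34 have no doc comments; something like `// SecureAuthCookie sets the Secure attribute on the session cookie; enable it whenever AccessURL is https.` would tell embedders when to turn them on. The body of `New` continues outside the hunk, so the outer router setup is not visible here.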

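--- a/coderd/httpmw/hsts.go
+++ b/coderd/httpmw/stricttransportsecurity.go
@@ -7,8 +7,8 @@ import (
 )
 
 const (
-StrictTransportSecurityHeader = "Strict-Transport-Security"
-StrictTransportSecurityMaxAge = time.Hour * 24 * 365 // 1 year
+strictTransportSecurityHeader = "Strict-Transport-Security"
+strictTransportSecurityMaxAge = time.Hour * 24 * 365 // 1 year
 )
 
 // StrictTransportSecurity will add the strict-transport-security header if enabled.
@@ -25,7 +25,7 @@ func StrictTransportSecurity(enable bool) func(next http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 if enable {
-w.Header().Set(StrictTransportSecurityHeader, fmt.Sprintf("max-age=%d", int64(StrictTransportSecurityMaxAge.Seconds())))
+w.Header().Set(strictTransportSecurityHeader, fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())))
 }
 
 next.ServeHTTP(w, r)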
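Review bot: The policy emitted at new line 28 is `max-age=31536000` with no `includeSubDomains`, and nothing in the visible lines says whether that omission is deliberate. A comment on the constants stating the intended policy, e.g. `// max-age only; includeSubDomains is omitted because <reason>`, would keep a later edit from widening or narrowing it by accident. The header value is also constant, so it can be built once before the returned handler rather than on every request: `value := fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds()))`. The body of `StrictTransportSecurity` starts and ends outside the hunk.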

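--- a/coderd/httpmw/hsts_test.go
+++ b/coderd/httpmw/stricttransportsecurity_test.go
@@ -5,10 +5,17 @@ import (
 "net/http"
 "net/http/httptest"
 "testing"
+"time"
 
-"github.com/coder/coder/coderd/httpmw"
 "github.com/go-chi/chi/v5"
 "github.com/stretchr/testify/require"
+
+"github.com/coder/coder/coderd/httpmw"
+)
+
+const (
+strictTransportSecurityHeader = "Strict-Transport-Security"
+strictTransportSecurityMaxAge = time.Hour * 24 * 365
 )
 
 func TestStrictTransportSecurity(t *testing.T) {
@@ -32,14 +39,14 @@ func TestStrictTransportSecurity(t *testing.T) {
 
 res := setup(true)
 defer res.Body.Close()
-require.Contains(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(httpmw.StrictTransportSecurityMaxAge)))
+require.Contains(t, res.Header.Get(strictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())))
 })
 t.Run("False", func(t *testing.T) {
 t.Parallel()
 
 res := setup(false)
 defer res.Body.Close()
-require.NotContains(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(httpmw.StrictTransportSecurityMaxAge)))
-require.Equal(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), "")
+require.NotContains(t, res.Header.Get(strictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())))
+require.Equal(t, res.Header.Get(strictTransportSecurityHeader), "")
 })
 }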
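Review bot: The assertions at new lines 42 and 49-50 are looser than the policy they guard: `require.Contains` still passes if extra directives are appended, and the expected value is built from constants copied into the test at new lines 16-19 rather than written out. Pin the exact header with `require.Equal(t, "max-age=31536000", res.Header.Get(strictTransportSecurityHeader))`. In the `False` case the `NotContains` on line 49 is implied by the emptiness check on line 50, and that check passes testify's expected and actual arguments in reverse order; `require.Empty(t, res.Header.Get(strictTransportSecurityHeader))` covers both. `TestStrictTransportSecurity` and its `setup` helper start outside the second hunk.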
