Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose CSRF cookie insecure setting as Docker env #1181

Merged
merged 2 commits into from
Mar 24, 2023
Merged

Expose CSRF cookie insecure setting as Docker env #1181

merged 2 commits into from
Mar 24, 2023

Conversation

feedmeapples
Copy link
Contributor

@feedmeapples feedmeapples commented Feb 23, 2023
edited
Loading

What was changed

Exposed cookieInsecure as Docker env variable

Why?

Users who secure their UI deployments in non-HTTPS manner may want to disable secure cookie so CSRF cookie is sent over HTTP

Checklist

  1. Closes

  2. How was this tested:

Changed the value in development.yaml and verified it is being set

  1. Any docs updates needed?

@vercel
Copy link

vercel bot commented Feb 23, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment
Name Status Preview Comments Updated
holocene ⬜️ Ignored (Inspect) Mar 10, 2023 at 4:53PM (UTC)

robholland
robholland requested changes Feb 24, 2023
View reviewed changes
server/docker/config_template.yaml Outdated
@@ -16,6 +16,7 @@ workflowSignalDisabled: {{ default .Env.TEMPORAL_WORKFLOW_SIGNAL_DISABLED "false
workflowResetDisabled: {{ default .Env.TEMPORAL_WORKFLOW_RESET_DISABLED "false" }}
batchActionsDisabled: {{ default .Env.TEMPORAL_BATCH_ACTIONS_DISABLED "false" }}
cors:
cookieInsecure: {{ default .Env.TEMPORAL_COOKIE_INSECURE "false" }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think better to include either CORS or CSRF in the env var name.

@feedmeapples feedmeapples changed the title Expose cookie insecure setting as Docker env Expose CSRF cookie insecure setting as Docker env Mar 10, 2023
@feedmeapples feedmeapples merged commit 96c8528 into main Mar 24, 2023
@feedmeapples feedmeapples deleted the expose-cookie-insecure branch March 24, 2023 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robholland robholland robholland approved these changes

@stevekinney stevekinney Awaiting requested review from stevekinney

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@feedmeapples @robholland