hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-15 14:03:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

set httponly on cookies

Browse Source
This commit is contained in:
Min RK
2017-07-11 11:06:00 +02:00
parent 396f454998
commit a51141810d
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
jupyterhub/handlers/base.py
View File

@@ -253,10 +253,11 @@ class BaseHandler(RequestHandler):
def _set_user_cookie(self, user, server): def _set_user_cookie(self, user, server):
# tornado <4.2 have a bug that consider secure==True as soon as # tornado <4.2 have a bug that consider secure==True as soon as
# 'secure' kwarg is passed to set_secure_cookie # 'secure' kwarg is passed to set_secure_cookie
kwargs = {
'httponly': True,
}
if self.request.protocol == 'https': if self.request.protocol == 'https':
kwargs = {'secure': True} kwargs['secure'] = True
else:
kwargs = {}
if self.subdomain_host: if self.subdomain_host:
kwargs['domain'] = self.domain kwargs['domain'] = self.domain
self.log.debug("Setting cookie for %s: %s, %s", user.name, server.cookie_name, kwargs) self.log.debug("Setting cookie for %s: %s, %s", user.name, server.cookie_name, kwargs)

1
jupyterhub/services/auth.py
View File

@@ -478,6 +478,7 @@ class HubOAuth(HubAuth):
"""Set a cookie recording OAuth result""" """Set a cookie recording OAuth result"""
kwargs = { kwargs = {
'path': self.base_url, 'path': self.base_url,
'httponly': True,
} }
if handler.request.protocol == 'https': if handler.request.protocol == 'https':
kwargs['secure'] = True kwargs['secure'] = True