[Bug]: SID cookie not sent to backend using distinct hostnames

VueTorrent / vuetorrent-backend

Simple backend service to store configuration server-side

GNU General Public License v3.0

8 stars 2 forks source link

[Bug]: SID cookie not sent to backend using distinct hostnames #13

Open Larsluph opened 2 months ago

Larsluph commented 2 months ago

Related to VueTorrent/VueTorrent#1666

When using distinct hostnames for VueTorrent and vuetorrent-backend, the cookie isn't sent due to default security policies.

Larsluph commented 2 months ago

SID cookie has the HttpOnly attribute. It is therefore impossible to retrieve it using the WebUI. We need to find a workaround to authentication than the SID for distinct hostname cases.

matthewdias commented 2 months ago

For my own use case case, the option to disable auth or just a simple basicauth would do the job. i can enforce auth through my http server

Larsluph commented 2 months ago

Adding an environment variable to disable auth seems like a good workaround.