Open Func86 opened 2 weeks ago
vs
which is used for the cockpit_auth_empty_cookie_value function.
To clarify: Your bug report is that you run cockpit-ws behind a reverse proxy, and X-Forwarded-Proto is https, but cockpit_auth_login_finish() does not actually test for that (only for --for-tls-proxy), so the cookie isn't marked as secure? That makes sense to me, just would like to confirm.
Yes, so the behaviour is inconsistent before and after login.
@Func86 If this bothers you, start cockpit-ws with the --for-tls-proxy option, then the cookie should be correct.
Explain what happens
ProtocolHeader = X-Forwarded-Proto in the config, access the web console via HTTPS
cockpit cookie is deleted, with the Secure flag
ProtocolHeader = X-Forwarded-Proto config on and off, to confirm that it's only working when not logged in.
Version of Cockpit
323-1~bpo12+1
Where is the problem in Cockpit?
Unknown or not applicable
Server operating system
Debian
Server operating system version
Debian 6.1.99-1 (2024-07-15) x86_64
What browsers are you using?
Chrome
System log
No response
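
A check for the inconsistency discussed in this issue, as an added example that is not part of the original thread or of Cockpit's code: it parses Set-Cookie headers recorded before and after login and reports when the cockpit cookie lacks Secure on a request the proxy forwarded as https. The header lines and the cookie value are constructed sample data, and the function names are hypothetical.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attrs).

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly)
    map to an empty string.
    """
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_secure_flag(responses, cookie_name="cockpit"):
    """Return (label, "Secure") for every response that sets `cookie_name`
    without Secure although X-Forwarded-Proto was https.

    `responses` is a list of (label, forwarded_proto, [Set-Cookie values]).
    """
    findings = []
    for label, forwarded_proto, set_cookies in responses:
        for raw in set_cookies:
            name, _value, attrs = parse_set_cookie(raw)
            if name != cookie_name:
                continue
            if forwarded_proto.lower() == "https" and "secure" not in attrs:
                findings.append((label, "Secure"))
    return findings


# Constructed sample: the behaviour reported in the issue with
# ProtocolHeader = X-Forwarded-Proto set (Secure only before login).
REPORTED = [
    ("before login", "https", ["cockpit=deleted; Path=/; Secure; HttpOnly"]),
    ("after login", "https", ["cockpit=CONSTRUCTED-SESSION-VALUE; Path=/; HttpOnly"]),
]

# Constructed sample: the expected result when cockpit-ws runs with --for-tls-proxy.
WITH_FOR_TLS_PROXY = [
    ("before login", "https", ["cockpit=deleted; Path=/; Secure; HttpOnly"]),
    ("after login", "https", ["cockpit=CONSTRUCTED-SESSION-VALUE; Path=/; Secure; HttpOnly"]),
]

if __name__ == "__main__":
    print(audit_secure_flag(REPORTED))
    print(audit_secure_flag(WITH_FOR_TLS_PROXY))
```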