Merge pull request #397 from gambol99/http_client_cookie

Http Only Cookie Default

Merge pull request #397 from gambol99/http_client_cookie
a6d55e66 · Rohith Jayawardene · GitHub · 3c739162 · a7f6c833 · a6d55e66
Unverified Commit a6d55e66 authored Jul 12, 2018 by Rohith Jayawardene Committed by GitHub Jul 12, 2018
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
-#### **2.2.3 (Unreleased)**
+#### **2.3.0 (Unreleased)**
 FEATURES:
 * Added the ability to use a "any" operation on the roles rather then just "and" with the inclusion of a `require-any-role` [#PR389](https://github.com/gambol99/keycloak-proxy/pull/389)
 * Added a `--enable-request-id` option to inject a request id into the upstream request [#PR392](https://github.com/gambol99/keycloak-proxy/pull/392)
 * Added the ability for the proxy to generate self-signed certificates for use via the `--enable-self-signed-tls` [#PR394](https://github.com/gambol99/keycloak-proxy/pull/394)
+BREAK CHANGES
+* Added the http-cookie-only option as default true [#PR397](https://github.com/gambol99/keycloak-proxy/pull/397)
 #### **2.2.2**
 FEATURES:

--- a/config.go
+++ b/config.go
@@ -42,14 +42,15 @@ func newDefaultConfig() *Config {
 		EnableDefaultDeny:           true,
 		EnableSessionCookies:        true,
 		EnableTokenHeader:           true,
-		SelfSignedTLSHostnames:      hostnames,
+		HTTPOnlyCookie:              true,
-		SelfSignedTLSExpiration:     3 * time.Hour,
 		Headers:                     make(map[string]string),
 		LetsEncryptCacheDir:         "./cache/",
 		MatchClaims:                 make(map[string]string),
 		OAuthURI:                    "/oauth",
 		OpenIDProviderTimeout:       30 * time.Second,
 		PreserveHost:                false,
+		SelfSignedTLSExpiration:     3 * time.Hour,
+		SelfSignedTLSHostnames:      hostnames,
 		RequestIDHeader:             "X-Request-ID",
 		ResponseHeaders:             make(map[string]string),
 		SecureCookie:                true,