loginsrv

Unnamed repository; edit this file 'description' to name the repository.
git clone git@jamesshield.xyz:repos/loginsrv.git
Log | Files | Refs | README | LICENSE

commit 7ce7f7c38ce738c70c1b4c8ecb7ae554c90aa8d5
parent bfd3354cea30097928b5c2d853ca05e742e7769a
Author: Sebastian Mancke <sebastian.mancke@snabble.io>
Date:   Sat, 19 Jan 2019 19:57:38 +0100

some doku improvements

Diffstat:
MCHANGELOG.md | 2+-
MREADME.md | 3++-
2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md @@ -3,7 +3,7 @@ ## v1.3.0 -* __*ATTENTION:*__ Added a config option to set the secure flag for cookies (default: -secure-secure=true). If you run unsecure HTTP you have to set this option ot false!!! +* __*ATTENTION:*__ Added a config option to set the secure flag for cookies (default: -cookie-secure=true). If you run unsecure HTTP you have to set this option ot false!!! * __Google OAuth provider now uses the google userinfo endpoint. No need to activate the google+ APIs anymore.__ * __Added Gitlab OAuth Provider__ * The GET endpoint now returns the user info if the call accepts JSON diff --git a/README.md b/README.md @@ -16,7 +16,8 @@ Please update loginsrv to v1.3.0 if you are using google login. __** Attention: Since v1.3.0, pure HTTP is not supported by default **__ -See [CHANGELOG](CHANGELOG.md#v130) for details. +Since v1.3.0, loginsrv sets the secure flag for the login cookie. So, if you use HTTP fo connect with the browser, e.g. for testing, you browser will ignore the cookie. +Use the flag `-cookie-secure=false` when testing without HTTPS. ## Abstract