admin/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): set cookie Domain to .homelab.local for subdomain coverage

Browse Source 
Without the leading dot, the auth_token cookie was only sent to the
exact host homelab.local — not to finance.homelab.local, auth.homelab.local,
etc. — so the forward-auth check failed on any subdomain after login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Gonçalo Rodrigues 2026-06-20 16:43:33 +01:00
parent 464bde2ee6
commit dcb573ed8a
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/auth/services/gateway/main/handler.go
View File

@ -300,7 +300,7 @@ func (h *Handler) LoginAPI(w http.ResponseWriter, r *http.Request) {
Name: "auth_token", Name: "auth_token",
Value: token, Value: token,
Path: "/", Path: "/",
Domain: "homelab.local", Domain: ".homelab.local",
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteLaxMode,
}) })
@ -343,7 +343,7 @@ func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
Name: "auth_token", Name: "auth_token",
Value: token, Value: token,
Path: "/", Path: "/",
Domain: "homelab.local", Domain: ".homelab.local",
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteLaxMode,
}) })
@ -364,7 +364,7 @@ func (h *Handler) Logout(w http.ResponseWriter, r *http.Request) {
Name: "auth_token", Name: "auth_token",
Value: "", Value: "",
Path: "/", Path: "/",
Domain: "homelab.local", Domain: ".homelab.local",
MaxAge: -1, MaxAge: -1,
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteLaxMode,