Diffstat (limited to 'nginx')
-rw-r--r-- | nginx/handoff.html | 6 | ||||
-rw-r--r-- | nginx/sync.py | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/nginx/handoff.html b/nginx/handoff.html
index c160580..f012451 100644
--- a/nginx/handoff.html
+++ b/nginx/handoff.html
@@ -12,7 +12,11 @@ location = "https://dissociate.mia.jetzt/logout";
 }
 await fetch(`/.nginx/cookie?token=${data.token}&max_age=${data.expiresIn - 60}`);
- location = "/";
+ if (location.hash) {
+ location = location.hash.slice(1);
+ } else {
+ location = "/";
+ }
 } else {
 console.log("not authenticated, redirecting");
 location = "https://dissociate.mia.jetzt/login";
diff --git a/nginx/sync.py b/nginx/sync.py
index 9b02c45..9d81a39 100644
--- a/nginx/sync.py
+++ b/nginx/sync.py
@@ -12,7 +12,7 @@ handoff = map(lambda line: spacing_pattern.sub(r"\1 ", line), handoff)
 handoff = "".join(handoff).replace('"', '\\"').replace("$", "${dollar}")
 auth_check = """if ($cookie___proxy_token = "") {
- return 303 https://$host/.nginx/handoff.html;
+ return 303 https://$host/.nginx/handoff.html#$request_uri;
 }
 auth_request /.nginx/auth;"""
@@ -34,7 +34,7 @@ auth_locations = (
 }
 location /.nginx/cookie {
- add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; secure";
+ add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; samesite=lax; secure";
 return 200;
 }"""
 ) |
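Review bot: The new `location = location.hash.slice(1);` navigates to whatever follows `#`, and that fragment is chosen by whoever built the link to handoff.html, not only by the `#$request_uri` redirect added in nginx/sync.py. Nothing in the hunk limits the value to a same-origin target, so an absolute URL or a non-HTTP scheme would be followed right after the proxy cookie is set. Resolve and check it before assigning: `const next = new URL(location.hash.slice(1), location.origin);` then `location = next.origin === location.origin ? next.href : "/";`. Assigning `next.href` rather than a rebuilt path avoids a result that begins with `//`. The enclosing script block starts and ends outside the hunk.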
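Review bot: The `/.nginx/cookie` location in the second sync.py hunk still copies `${arg_token}` and `${arg_max_age}` from the query string into `Set-Cookie` unchecked; `samesite=lax` restricts when the browser attaches the cookie, it does not validate the value being stored. A guard ahead of the `add_header` line would keep attribute separators out of the header, e.g. `if ($arg_max_age !~ "^[0-9]+$") { return 400; }`, plus a matching test on `$arg_token` using the character class of the real token format. Because the token arrives in the URL it will presumably also reach the access log unless logging is disabled elsewhere; `access_log off;` inside this location avoids that. The `auth_locations` tuple begins outside the hunk.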