yusiboyz/platform
1
0
Fork 0
Code Issues 4 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: TLS verification, cookie hardening, and proxy transport (#7)

Browse Source 
- Renamed _ssl_ctx to _internal_ssl_ctx (explicitly scoped to internal services)
- Image proxy now uses default SSL context (TLS verification enabled for external URLs)
- Logout cookie clearing now includes HttpOnly, Secure, SameSite=Lax
- proxy.py still uses internal context (Docker services have no valid certs)

Closes #7
This commit is contained in:
Yusuf Suleman
2026-03-29 09:13:37 -05:00
parent 590ea69900
commit 5f5660893d
3 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gateway/auth.py
View File

@@ -58,7 +58,7 @@ def handle_logout(handler):
delete_session(token)
handler.send_response(200)
handler.send_header("Content-Type", "application/json")
handler.send_header("Set-Cookie", "platform_session=; Path=/; Max-Age=0")
handler.send_header("Set-Cookie", "platform_session=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0")
resp = b'{"success": true}'
handler.send_header("Content-Length", len(resp))
handler.end_headers()