Merge branch '1-6-stable-auth-cookie-fixes' into '1-6-stable'v1.6.3 1-6-stable

Set max-age and secure flag for auth cookies See merge request gitlab/gitlab-pages!17
author: Nick Thomas <nick@gitlab.com> 2019-09-09 18:06:04 +0300
committer: Nick Thomas <nick@gitlab.com> 2019-09-09 18:06:04 +0300
commit: a254ab8233a08cd6c615352c77cabc5e06a6a16c (patch)
tree: e12028206ef1fab96fa3c4eec8a17fdffd55e547 /app.go
parent: d623618c95e5a96e6c7be7e173f7188f682994c1 (diff)
parent: 08c3c4c574592ba0cd8903b405fd500b14be5a29 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/app.go b/app.go
index 9d4f5bdb..4d050809 100644
--- a/app.go
+++ b/app.go
@@ -24,6 +24,7 @@ import (
 	"gitlab.com/gitlab-org/gitlab-pages/internal/domain"
 	"gitlab.com/gitlab-org/gitlab-pages/internal/httperrors"
 	"gitlab.com/gitlab-org/gitlab-pages/internal/netutil"
+	"gitlab.com/gitlab-org/gitlab-pages/internal/request"
 	"gitlab.com/gitlab-org/gitlab-pages/metrics"
 )
 
@@ -222,12 +223,15 @@ func (a *theApp) serveFileOrNotFound(domain *domain.D) http.HandlerFunc {
 
 func (a *theApp) ServeHTTP(ww http.ResponseWriter, r *http.Request) {
 	https := r.TLS != nil
+	r = request.WithHTTPSFlag(r, https)
+
 	a.serveContent(ww, r, https)
 }
 
 func (a *theApp) ServeProxy(ww http.ResponseWriter, r *http.Request) {
 	forwardedProto := r.Header.Get(xForwardedProto)
 	https := forwardedProto == xForwardedProtoHTTPS
+	r = request.WithHTTPSFlag(r, https)
 
 	if forwardedHost := r.Header.Get(xForwardedHost); forwardedHost != "" {
 		r.Host = forwardedHost
author	Nick Thomas <nick@gitlab.com>	2019-09-09 18:06:04 +0300
committer	Nick Thomas <nick@gitlab.com>	2019-09-09 18:06:04 +0300
commit	a254ab8233a08cd6c615352c77cabc5e06a6a16c (patch)
tree	e12028206ef1fab96fa3c4eec8a17fdffd55e547 /app.go
parent	d623618c95e5a96e6c7be7e173f7188f682994c1 (diff)
parent	08c3c4c574592ba0cd8903b405fd500b14be5a29 (diff)