From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Shannon Sterz" <s.sterz@proxmox.com>, <pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox{,-backup} 0/4] HttpOnly follow-ups
Date: Fri, 25 Jul 2025 13:24:52 +0200 [thread overview]
Message-ID: <DBL3K4JON0NC.2FAIOY5L9R20M@proxmox.com> (raw)
In-Reply-To: <20250725112357.247866-1-s.sterz@proxmox.com>
On Fri Jul 25, 2025 at 1:23 PM CEST, Shannon Sterz wrote:
> this small series tries to smooth out the transition to HttpOnly cookies
> for our users:
>
> - cookies are now removed by the server if a 401 UNAUTHORIZED error is
> encountered. this matches the behaviour of our previous javascript
> browser-based clients. it is necessary, as they can't remove the
> cookie themselves anymore due to the new security measures.
> - log-in is possible again, even if an invalid HttpOnly cookie is
> provided.
> - `Expire` is removed from the cookies to make them "session cookies"
> again. this should restore security assumptions some users may have
> made about closing their browser and being logged out. note that
> session cookies may still be restored after a browser was closed, if
> the browser uses session restoration.
>
> proxmox:
>
> Shannon Sterz (3):
> rest-server: remove auth cookies via http header on unauthorized
> request
> auth-api: don't set `Expire` for HttpOnly cookies anymore
> auth-api: allow log-in via parameters even if HttpOnly cookie is
> invalid
>
> proxmox-auth-api/src/api/access.rs | 67 +++++++++++++++------------
> proxmox-auth-api/src/types.rs | 2 +-
> proxmox-rest-server/src/api_config.rs | 9 ++++
> proxmox-rest-server/src/rest.rs | 25 +++++++++-
> 4 files changed, 71 insertions(+), 32 deletions(-)
>
>
> proxmox-backup:
>
> Shannon Sterz (1):
> api/proxy: set auth cookie name in rest server api config
>
> src/auth.rs | 10 +++++++++-
> src/auth_helpers.rs | 1 +
> src/bin/proxmox-backup-api.rs | 1 +
> src/bin/proxmox-backup-proxy.rs | 1 +
> 4 files changed, 12 insertions(+), 1 deletion(-)
>
>
> Summary over all repositories:
> 8 files changed, 83 insertions(+), 33 deletions(-)
>
> --
> Generated by git-murpp 0.8.1
sorry for sending this a second time, was a bit too quick with `git
send-email`
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2025-07-25 11:24 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-25 11:23 Shannon Sterz
2025-07-25 11:23 ` [pbs-devel] [PATCH proxmox 1/3] rest-server: remove auth cookies via http header on unauthorized request Shannon Sterz
2025-07-25 12:15 ` Dominik Csapak
2025-07-25 11:23 ` [pbs-devel] [PATCH proxmox 2/3] auth-api: don't set `Expire` for HttpOnly cookies anymore Shannon Sterz
2025-07-25 12:15 ` Dominik Csapak
2025-07-25 11:23 ` [pbs-devel] [PATCH proxmox 3/3] auth-api: allow log-in via parameters even if HttpOnly cookie is invalid Shannon Sterz
2025-07-25 12:23 ` Dominik Csapak
2025-07-25 11:23 ` [pbs-devel] [PATCH proxmox-backup 1/1] api/proxy: set auth cookie name in rest server api config Shannon Sterz
2025-07-25 12:23 ` Dominik Csapak
2025-07-25 11:24 ` Shannon Sterz [this message]
2025-07-28 8:01 ` [pbs-devel] [PATCH proxmox{,-backup} 0/4] HttpOnly follow-ups Shannon Sterz
2025-07-28 12:56 ` [pbs-devel] applied: [PATCH proxmox{, -backup} " Thomas Lamprecht
-- strict thread matches above, loose matches on Subject: below --
2025-07-25 11:20 [pbs-devel] [PATCH proxmox{,-backup} " Shannon Sterz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DBL3K4JON0NC.2FAIOY5L9R20M@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox