feat(configuration): disallow public suffix domains #4855
Artifacts
These changes are published for testing on Buildkite, DockerHub and GitHub Container Registry.
Docker Container
This adds a check to the domains configuration to ensure the domain value is not part of the public suffix list at https://publicsuffix.org. These domains are special and users cannot assign cookies with this domain value.
a577915 to 89b3533
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## master #4855 +/- ##
==========================================
+ Coverage 67.63% 67.66% +0.02%
==========================================
Files 281 282 +1
Lines 20647 20662 +15
Branches 443 443
==========================================
+ Hits 13965 13980 +15
Misses 5871 5871
Partials 811 811
✅ Deploy Preview for authelia-staging ready!
This adds a check to the domains configuration to ensure the domain value is not part of the public suffix list at https://publicsuffix.org. These domains are special and users cannot write cookies with this domain value; this makes them unusable with Authelia, and this more readily makes that apparent.
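The kind of check described above, as an added example that is not code from this pull request or from Authelia: it applies the public suffix list's matching rules (exception, wildcard, longest match, default) to a configured cookie domain. The function name `validateCookieDomain` is hypothetical, and the rule set is a small constructed subset of the list embedded so the example runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed subset of publicsuffix.org rules, embedded so this runs offline.
var rules = map[string]bool{
	"com": true, "org": true, "uk": true, "co.uk": true, "io": true,
	"github.io": true, "duckdns.org": true, "*.ck": true, "!www.ck": true,
}

// publicSuffix applies the list's matching algorithm to a normalized name:
// an exception rule wins, else the longest matching rule, else the default "*".
func publicSuffix(name string) string {
	labels := strings.Split(name, ".")
	for i := range labels { // exception rules take priority over everything
		if rules["!"+strings.Join(labels[i:], ".")] {
			return strings.Join(labels[i+1:], ".")
		}
	}
	for i := range labels { // longest candidate first
		c := strings.Join(labels[i:], ".")
		if rules[c] || (i+1 < len(labels) && rules["*."+strings.Join(labels[i+1:], ".")]) {
			return c
		}
	}
	return labels[len(labels)-1] // default rule: the last label is the suffix
}

// validateCookieDomain (hypothetical name) rejects a value that is itself a public suffix.
func validateCookieDomain(domain string) error {
	name := strings.ToLower(strings.Trim(domain, "."))
	if name == "" {
		return errors.New("cookie domain is empty")
	}
	if publicSuffix(name) == name {
		return fmt.Errorf("cookie domain %q is a public suffix", domain)
	}
	return nil
}

func main() {
	for _, d := range []string{"example.com", "co.uk", "duckdns.org", "auth.duckdns.org", ".foo.ck", "www.ck"} {
		fmt.Printf("%-18s %v\n", d, validateCookieDomain(d))
	}
}
```

Privately registered suffixes such as `duckdns.org` are rejected just like `co.uk`, while `www.ck` passes because the exception rule `!www.ck` overrides the wildcard `*.ck`.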