Fix documentation error, note security practices.

retrixe · Aug 7, 2023 · 2df5b08 · 2df5b08
1 parent 3be6959
commit 2df5b08
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/API.md b/API.md
@@ -64,7 +64,7 @@ This is the only endpoint which doesn't require authentication, since it is the
 
 **Request Query Parameters:**
 
-- `cookie` - Optional, defaults to `false`. If set to `true`, the token will be returned in a cookie in addition to the response body. Added in v1.1.0.
+- `cookie` - Optional, defaults to `false`. If set to `true`, the token will be returned in a cookie named `X-Authentication` instead, with a 3 month expiry, `SameSite=Strict` and `HttpOnly` (no `Secure`, since `SameSite=Strict` covers that when HTTPS is in use). Added in v1.1.0.
 
 **Request Headers:**
 
@@ -73,7 +73,9 @@ This is the only endpoint which doesn't require authentication, since it is the
 
 **Response:**
 
-HTTP 200 JSON body response with the token is returned on success, e.g. `{"token":"RCuRbzzSa51lNByCu+aeYXxoSeaO4HQgMJQ82gWqdSTPm7cHWCQxk7LoQEa8AIkiLBUQXCkkYF8gLHC3lOPfMVU4oU8rXGhQ1EB3VFP30VP2Dv7MG9clAsxuv2x+0jP5"}`
+HTTP 200 JSON body response with the token is returned on success, e.g. `{"token":"RCuRbzzSa51lNByCu+aeYXxoSeaO4HQgMJQ82gWqdSTPm7cHWCQxk7LoQEa8AIkiLBUQXCkkYF8gLHC3lOPfMVU4oU8rXGhQ1EB3VFP30VP2Dv7MG9clAsxuv2x+0jP5"}`.
+
+If the `cookie` query parameter is `true` and Octyne v1.1+ is in use, then the body will be `{"success":true}` instead, and the token will be contained in the `X-Authentication` cookie in `Set-Cookie` header (see `cookie`'s documentation for details).
 
 ---
 

diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ It incorporates the ability to manage files and access the terminal output and i
 - Place octyne in a folder, and run `chmod +x <octyne file name>` to mark it as executable if using macOS/Linux/*nix-like.
 - Follow the steps [here](https://github.com/retrixe/octyne#configuration) to configure Octyne correctly.
 - Run `./<octyne file name>` (`.\<octyne file name>.exe` on Windows) in a terminal in the folder to start Octyne. Alternatively, on Windows/Linux desktops, you can double click the file (on Linux, select `Run in Terminal`, else it will run in the background).
-- You may want to get [Ecthelion](https://github.com/retrixe/ecthelion) as aforementioned in the description, as a web app to manage Octyne, and [octynectl](https://github.com/retrixe/octynectl) as a CLI tool to manage Octyne locally on your machine.
+- You may want to get [Ecthelion](https://github.com/retrixe/ecthelion) as aforementioned in the description, as a web app to manage Octyne, and [octynectl](https://github.com/retrixe/octynectl) as a CLI tool to manage Octyne locally on your machine. [Additionally, make sure to follow the security practices here to prevent attacks against your setup!](https://github.com/retrixe/octyne#security-practices-and-reverse-proxying)
 
 ### Usage