sjg/trx-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[fix](trx-frontend-http): warn when auth enabled but cookie_secure is false

Browse Source 
Log a startup warning when HTTP auth is active but cookie_secure remains
false, alerting operators that session cookies will be sent unencrypted.

https://claude.ai/code/session_01XzurkeuUmamBuhQwxVy7T4
Signed-off-by: Claude <noreply@anthropic.com>
This commit is contained in:
Claude
2026-03-26 06:26:35 +00:00
committed by Stan Grams
parent 9b6c845fa8
commit adf65ae56d
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/trx-client/trx-frontend/trx-frontend-http/src/server.rs
+11 -1
View File
@@ -32,7 +32,7 @@ use actix_web::{
use tokio::signal;
use tokio::sync::{broadcast, mpsc, watch};
use tokio::task::JoinHandle;
use tracing::{error, info};
use tracing::{error, info, warn};
use trx_core::RigRequest;
use trx_core::RigState;
@@ -208,6 +208,16 @@ fn build_server(
same_site,
);
// Warn operators if auth is enabled but cookie_secure is false,
// which means session cookies will be sent over plain HTTP.
if auth_config.enabled && !auth_config.cookie_secure {
warn!(
"HTTP auth is enabled but cookie_secure is false — \
session cookies will be sent over unencrypted connections. \
Set cookie_secure = true when behind a TLS-terminating proxy."
);
}
let context_data = web::Data::new(context);
let auth_state = web::Data::new(AuthState::new(auth_config.clone()));