
Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
pull/4561/head
Maksim Nabokikh 3 days ago committed by GitHub
parent
commit
a3b00ae201
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 4
      docs/enhancements/auth-sessions-2026-02-18.md


@ -1,4 +1,4 @@
# Dex Enhancement Proposal (DEP) - 2026-02-18 - Auth Sessions
# Dex Enhancement Proposal (DEP 4560) - 2026-02-18 - Auth Sessions
## Table of Contents
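Review bot: The number in the new heading, "DEP 4560", is not explained anywhere in these lines, and this commit sits on pull/4561/head, so a reader can easily take it for a mistyped PR number. If 4560 is the tracking issue for the proposal, link it in the heading or on the line directly under it so the reference is unambiguous.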
@ -168,7 +168,7 @@ staticClients:
**Cookie Security**: The session cookie is always set with secure defaults:
- `HttpOnly: true` - Not accessible via JavaScript
- `Secure: true` - Only sent over HTTPS (automatically disabled for localhost in dev)
- `Secure: (issuerURL.Scheme == "https")` - Only sent over HTTPS; for `http` (commonly used on localhost in dev) this is disabled
- `SameSite: Lax` - CSRF protection
- `Path: <issuerURL.Path>` - Derived from issuer URL (e.g., `/dex` for `https://example.com/dex`)
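Review bot: On the `Secure` bullet, tying the flag to `issuerURL.Scheme == "https"` means any `http` issuer, not only localhost, gets a session cookie without `Secure`, which no longer matches the lead-in "always set with secure defaults". Suggest stating the consequence explicitly, for example "`Secure`: set when the issuer URL scheme is `https`; not set for `http` issuers, which should be limited to local development", and documenting whether Dex warns or refuses to create sessions for a non-localhost `http` issuer. The phrase "this is disabled" is also ambiguous about what is disabled; name the `Secure` flag.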
