Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Introduce ALLOW_HTTP env var that allows authentication to work without https #26

Merged
merged 2 commits into from
Sep 12, 2024

Conversation

vieiralucas
Copy link
Member

Closes #23

Notice that this is also removing the sessionExpiry cookie because it needs TLD to be set which defeats the idea of running Briefer without a domain.
The drawback of removing that is minor, it is only used at the frontend to know when the token is expired and move user back to login screen automatically. We should implement that using another strategy.

docs/DEPLOYMENT.md Outdated Show resolved Hide resolved
Co-authored-by: Lucas da Costa <[email protected]>
@vieiralucas vieiralucas merged commit 6593ff4 into main Sep 12, 2024
1 check passed
@vieiralucas vieiralucas deleted the allow-http branch September 12, 2024 16:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support ALLOW_HTTP for non-HTTPS deployments
2 participants