http: add Secure flag to TXID cookie #447

Open
TanayK07 wants to merge 1 commit into superfly:main from TanayK07:fix/cookie-secure-flag


TanayK07 commented Mar 5, 2026

The __txid cookie was being set without the Secure flag, allowing it to be transmitted over unencrypted connections. Since LiteFS typically runs behind a TLS-terminating reverse proxy, default SecureCookie to true so the cookie is only sent over HTTPS.

A "secure-cookie" option is added to the proxy YAML config so that users running local development without TLS can explicitly disable it.

Fixes #440
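
The behaviour described in this PR, as an added Go example (not LiteFS code and not the PR's diff): a Secure-by-default `__txid` cookie with an opt-out, checked against Go's own cookie jar to show which schemes the cookie is sent over. The `proxyConfig` type, the helper names, the cookie `Path`, the sample value and the host are assumptions; only `SecureCookie`, its default of true and the cookie name come from the description.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"net/url"
)

// proxyConfig is a hypothetical stand-in for the proxy settings. Only the
// SecureCookie name and its default of true are taken from the PR text.
type proxyConfig struct {
	SecureCookie bool
}

func defaultProxyConfig() proxyConfig { return proxyConfig{SecureCookie: true} }

// setTXID writes the __txid cookie; Path and the value are assumptions.
func setTXID(w http.ResponseWriter, cfg proxyConfig, txid string) {
	http.SetCookie(w, &http.Cookie{Name: "__txid", Value: txid, Path: "/", Secure: cfg.SecureCookie})
}

// sentOver reports whether a client that received __txid over HTTPS would
// attach it to a later request made with the given scheme.
func sentOver(cfg proxyConfig, scheme string) bool {
	rec := httptest.NewRecorder()
	setTXID(rec, cfg, "0000000000000001") // constructed sample value
	jar, err := cookiejar.New(nil)
	if err != nil {
		return false
	}
	host := "app.example.test" // placeholder host
	jar.SetCookies(&url.URL{Scheme: "https", Host: host, Path: "/"}, rec.Result().Cookies())
	for _, c := range jar.Cookies(&url.URL{Scheme: scheme, Host: host, Path: "/"}) {
		if c.Name == "__txid" {
			return true
		}
	}
	return false
}

func main() {
	for _, cfg := range []proxyConfig{defaultProxyConfig(), {SecureCookie: false}} {
		fmt.Printf("secure-cookie=%v http=%v https=%v\n",
			cfg.SecureCookie, sentOver(cfg, "http"), sentOver(cfg, "https"))
	}
}
```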

TanayK07 (Author) commented Mar 5, 2026

@benbjohnson can you kindly assign someone to review? We have been using LiteFS in my org and I would like to contribute as well as fix this up.

Development

Successfully merging this pull request may close these issues.

__txid cookie is missing secure flag