CSRF cookie is no longer encrypted

This commit is contained in:
aram price 2020-12-09 17:29:44 -08:00
parent f1f8ffa456
commit 86c75b7a80

View File

@ -94,8 +94,7 @@ func (m *Manager) SetProviders(oidcProviders ...*provider.OIDCProvider) {
upstreamStateEncoder.SetSerializer(securecookie.JSONEncoder{})
var csrfCookieEncoderHashKey = []byte("fake-csrf-hash-secret") // TODO replace this secret
var csrfCookieEncoderBlockKey = []byte("16-bytes-CSRF012") // TODO replace this secret
var csrfCookieEncoder = securecookie.New(csrfCookieEncoderHashKey, csrfCookieEncoderBlockKey)
var csrfCookieEncoder = securecookie.New(csrfCookieEncoderHashKey, nil)
csrfCookieEncoder.SetSerializer(securecookie.JSONEncoder{})
m.providerHandlers[(issuerHostWithPath + oidc.WellKnownEndpointPath)] = discovery.NewHandler(issuer)