challenges: prevent unbounded growth of stored cookies by bundling all state onto a single JWT token

2025-05-03 17:30:39 +02:00
parent 2cb5972371
commit 0e62f80f9b
19 changed files with 273 additions and 177 deletions
--- a/lib/http.go
+++ b/lib/http.go
@@ -267,10 +267,13 @@ func (state *State) handleRequest(w http.ResponseWriter, r *http.Request) {
 		cookies := r.Cookies()
 		r.Header.Del("Cookie")
 		for _, c := range cookies {
-			if !strings.HasPrefix(c.Name, utils.CookiePrefix) {
+			if !strings.HasPrefix(c.Name, utils.DefaultCookiePrefix) {
 				r.AddCookie(c)
 			}
 		}
+
+		// set response headers
+		data.ResponseHeaders(w)
 	}

 	for _, rule := range state.rules {
@@ -323,7 +326,5 @@ func (state *State) ServeHTTP(w http.ResponseWriter, r *http.Request) {

 	data.EvaluateChallenges(w, r)

-	data.ResponseHeaders(w.Header())
-
 	state.Mux.ServeHTTP(w, r)
 }