lib/anubis: support setting extended cookie flags#120
Merged
Conversation
Signed-off-by: Xe Iaso <me@xeiaso.net>
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR enhances Anubis by enabling extended cookie configuration (domain, name, and partitioned flag) to support CHIPS and better customization.
- Updated test cases to validate extended cookie settings.
- Added new CLI flags for cookie parameters in the main command.
- Modified cookie handling in lib/anubis.go and lib/http.go to apply the new options.
Reviewed Changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| lib/anubis_test.go | Updated tests to load policies and verify cookie properties. |
| cmd/anubis/main.go | Introduced new flags for cookie-domain, cookie-name, and cookie-partitioned. |
| docs/docs/CHANGELOG.md | Documented the addition of extended cookie options. |
| lib/anubis.go | Integrated new cookie options into server initialization and handling. |
| lib/http.go | Modified ClearCookie to use the extended cookie options from server config. |
Files not reviewed (1)
- docs/docs/admin/installation.mdx: Language not supported
Comments suppressed due to low confidence (1)
lib/anubis.go:250
- The cookie is retrieved using the constant anubis.CookieName, but when setting the cookie the code uses s.opts.CookieName. To ensure consistency when custom cookie names are configured, update the cookie retrieval to use s.opts.CookieName.
ckie, err := r.Cookie(anubis.CookieName)
robbat2
approved these changes
Mar 25, 2025
Signed-off-by: Xe Iaso <me@xeiaso.net>
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for extended cookie flags to Anubis by introducing new configuration options and updating both server logic and tests.
- Adds new Options fields for cookie configuration (domain, name, partitioned).
- Updates cookie handling in the server and HTTP layers to use the new options.
- Introduces corresponding command-line flags and updates the test to verify cookie settings.
Reviewed Changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| lib/anubis_test.go | Updates test helper functions and cookie validation logic |
| cmd/anubis/main.go | Adds new command-line flag options for cookie configuration |
| docs/docs/CHANGELOG.md | Documents the addition of cookie configuration options |
| lib/anubis.go | Integrates new cookie options into server creation and request handling |
| lib/http.go | Refactors ClearCookie into a method, using the new cookie options |
Files not reviewed (1)
- docs/docs/admin/installation.mdx: Language not supported
| | :------------------------ | :--------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | `BIND` | `:8923` | The network address that Anubis listens on. For `unix`, set this to a path: `/run/anubis/instance.sock` | | ||
| | `BIND_NETWORK` | `tcp` | The address family that Anubis listens on. Accepts `tcp`, `unix` and anything Go's [`net.Listen`](https://pkg.go.dev/net#Listen) supports. | | ||
| | `COOKIE_DOMAIN` | unset | The domain the Anubis challenge pass cookie should be set to. This should be set to the domain you bought from your registrar (EG: `techaro.lol` if your webapp is running on `anubis.techaro.lol`). See [here](https://stackoverflow.com/a/1063760) for more information. | |
Contributor
There was a problem hiding this comment.
Do we need to mention that under all domains the same anubis or the same secrets should be used?
Signed-off-by: Xe Iaso <me@xeiaso.net>
Xe
added a commit
that referenced
this pull request
Mar 27, 2025
Xe
added a commit
that referenced
this pull request
Mar 27, 2025
JasonLovesDoggo
pushed a commit
to JasonLovesDoggo/anubis
that referenced
this pull request
Jun 17, 2025
* lib/anubis: support setting extended cookie flags Signed-off-by: Xe Iaso <me@xeiaso.net> * lib: use cookie name consistently Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
JasonLovesDoggo
pushed a commit
to JasonLovesDoggo/anubis
that referenced
this pull request
Jun 17, 2025
)" (TecharoHQ#134) This reverts commit e7cbd34.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #73
Checklist:
[Unreleased]section of docs/docs/CHANGELOG.md