Add secure cookie header to protect login state data (#279)

25ca6286 · Martin Lowe · GitHub · d47f97d1 · 25ca6286
Unverified Commit 25ca6286 authored Oct 12, 2021 by Martin Lowe 🇨🇦 Committed by GitHub Oct 12, 2021
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -45,6 +45,7 @@ quarkus.oidc.logout.post-logout-path=/
 quarkus.oidc.logout.path=/api/logout
 security.csrf.enabled=true
 quarkus.oidc.authentication.java-script-auto-redirect=false
+quarkus.oidc.authentication.cookie-force-secure=true

 ## Recreate DB profile (easy to trigger in remote envs)
 %dbfresh.quarkus.hibernate-orm.database.generation=drop-and-create