From 3e5973fc6e72f9692ca81db0c8ed0d2b9fb25bca Mon Sep 17 00:00:00 2001 From: Daniel Jiang Date: Thu, 19 Sep 2019 20:38:19 +0800 Subject: [PATCH] Add Secure flag to cookie This commit modifies nginx configuration file to make sure the secure flag is added to "Set-Cookie" header when Harbor is serving https Signed-off-by: Daniel Jiang --- .../prepare/templates/nginx/nginx.https.conf.jinja | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja index e4ac93078..2d9e648e3 100644 --- a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja +++ b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja @@ -68,8 +68,7 @@ http { # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; - # Add Secure flag when serving HTTPS - proxy_cookie_path / "/; secure"; + proxy_cookie_path / "/; HttpOnly; Secure"; proxy_buffering off; proxy_request_buffering off; @@ -83,7 +82,9 @@ http { # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; - + + proxy_cookie_path / "/; Secure"; + proxy_buffering off; proxy_request_buffering off; } @@ -96,6 +97,8 @@ http { # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; + + proxy_cookie_path / "/; Secure"; proxy_buffering off; proxy_request_buffering off; 
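Review bot: `proxy_cookie_path` rewrites a prefix of the cookie's Path attribute, so the new `proxy_cookie_path / "/; HttpOnly; Secure";` line only flags cookies that the upstream sends with a Path, and a cookie scoped to a sub-path would have its Path mangled (`/foo` would become `/; HttpOnly; Securefoo`). A cookie sent without a Path attribute passes through with neither flag, so it is worth confirming that every upstream Set-Cookie uses exactly `Path=/`, or setting the flags in the service that issues the cookie; where the bundled nginx supports it, `proxy_cookie_flags` is the directive meant for this. The hunk also drops the explanatory comment and adds HttpOnly, which the commit message does not mention; a comment such as `# Append HttpOnly and Secure to cookies with Path=/ (proxy_cookie_path only rewrites the Path attribute)` would keep the intent visible. The same caveat applies to the `"/; Secure"` lines in the hunks at -83, -96, -109 and -139, and the enclosing location block starts outside this hunk.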
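Review bot: This location gets `"/; Secure"` while the one in the previous hunk gets `"/; HttpOnly; Secure"`, and nothing in the patch says why the four Secure-only locations (here and in the hunks at -96, -109 and -139) leave HttpOnly off. If any of them can return a session cookie, that cookie stays readable from script; if the difference is deliberate, a one-line comment such as `# Secure only: <reason HttpOnly is omitted here>` would record it. The directive is also repeated in five location blocks, so a location added later would silently miss it. `proxy_cookie_path` is inherited from the `server` level when a location defines none of its own, so a single `proxy_cookie_path / "/; Secure";` there, with the HttpOnly variant kept as a per-location override, would cover new locations by default. The location blocks start outside the hunks, so which paths they serve is not visible here.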
@@ -109,6 +112,8 @@ http { # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; + + proxy_cookie_path / "/; Secure"; proxy_buffering off; proxy_request_buffering off; @@ -139,6 +144,8 @@ http { # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; + proxy_cookie_path / "/; Secure"; + proxy_buffering off; proxy_request_buffering off; }