[pbs-devel] [PATCH proxmox{,-backup} 0/4] HttpOnly follow-ups

Shannon Sterz s.sterz at proxmox.com
Mon Jul 28 10:01:00 CEST 2025


On Fri Jul 25, 2025 at 1:23 PM CEST, Shannon Sterz wrote:
> this small series tries to smooth out the transition to HttpOnly cookies
> for our users:
>
> - cookies are now removed by the server if a 401 UNAUTHORIZED error is
>   encountered. this matches the behaviour of our previous javascript
>   browser-based clients. it is necessary, as they can't remove the
>   cookie themselves anymore due to the new security measures.
> - log-in is possible again, even if an invalid HttpOnly cookie is
>   provided.
> - `Expire` is removed from the cookies to make them "session cookies"
>   again. this should restore security assumptions some users may have
>   made about closing their browser and being logged out. note that
>   session cookies may still be restored after a browser was closed, if
>   the browser uses session restoration.
>
> proxmox:
>
> Shannon Sterz (3):
>   rest-server: remove auth cookies via http header on unauthorized
>     request
>   auth-api: don't set `Expire` for HttpOnly cookies anymore
>   auth-api: allow log-in via parameters even if HttpOnly cookie is
>     invalid
>
>  proxmox-auth-api/src/api/access.rs    | 67 +++++++++++++++------------
>  proxmox-auth-api/src/types.rs         |  2 +-
>  proxmox-rest-server/src/api_config.rs |  9 ++++
>  proxmox-rest-server/src/rest.rs       | 25 +++++++++-
>  4 files changed, 71 insertions(+), 32 deletions(-)
>
>
> proxmox-backup:
>
> Shannon Sterz (1):
>   api/proxy: set auth cookie name in rest server api config
>
>  src/auth.rs                     | 10 +++++++++-
>  src/auth_helpers.rs             |  1 +
>  src/bin/proxmox-backup-api.rs   |  1 +
>  src/bin/proxmox-backup-proxy.rs |  1 +
>  4 files changed, 12 insertions(+), 1 deletion(-)
>
>
> Summary over all repositories:
>   8 files changed, 83 insertions(+), 33 deletions(-)
>
> --
> Generated by git-murpp 0.8.1

seems these patches were applied [1,2]

thanks!

[1]: https://git.proxmox.com/?p=proxmox-backup.git;a=commit;h=8f4e455550e470a670f139d6124a00887962122c
[2]: https://git.proxmox.com/?p=proxmox.git;a=commit;h=2c0b5edda2f778837c4d2eb8a259a04c3dca8ebd
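
The three behaviours listed in the cover letter above, sketched as an added Rust example that is not part of the original e-mail or of the Proxmox code base. The cookie name, ticket value, password and function names are constructed for illustration, and the string comparison is a toy stand-in for real ticket verification.

```rust
// Added illustration; every name and value here is an assumption, not Proxmox code.
const COOKIE_NAME: &str = "ExampleAuthCookie"; // constructed placeholder name
const VALID_TICKET: &str = "ticket-ok"; // constructed stand-in for a verified ticket

/// Session cookie: HttpOnly and deliberately without Expires/Max-Age, so the
/// browser drops it when the session ends (unless session restore is active).
fn session_cookie(ticket: &str) -> String {
    format!("{COOKIE_NAME}={ticket}; Secure; HttpOnly; SameSite=Lax; Path=/")
}

/// Removal cookie: empty value plus an expiry in the past. Scripts cannot
/// delete an HttpOnly cookie, so the server has to send this itself.
fn removal_cookie() -> String {
    format!("{COOKIE_NAME}=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Secure; HttpOnly; SameSite=Lax; Path=/")
}

/// Pull the auth cookie value out of a request's Cookie header.
fn cookie_ticket(cookie_header: Option<&str>) -> Option<&str> {
    cookie_header?.split(';').find_map(|pair| {
        let (name, value) = pair.trim().split_once('=')?;
        (name == COOKIE_NAME).then_some(value)
    })
}

/// Protected endpoint: a missing or invalid ticket yields 401, and the 401
/// carries the removal header so the stale cookie is not sent again.
fn protected(cookie_header: Option<&str>) -> (u16, Option<String>) {
    match cookie_ticket(cookie_header) {
        Some(VALID_TICKET) => (200, None),
        _ => (401, Some(removal_cookie())),
    }
}

/// Login endpoint: valid credentials passed as parameters are accepted even
/// when an invalid cookie accompanies them; the cookie is only a fallback.
fn login(cookie_header: Option<&str>, password: Option<&str>) -> (u16, Option<String>) {
    match (password, cookie_ticket(cookie_header)) {
        (Some("correct horse"), _) => (200, Some(session_cookie(VALID_TICKET))), // constructed password
        (None, Some(VALID_TICKET)) => (200, None),
        _ => (401, Some(removal_cookie())),
    }
}

fn main() {
    let stale = Some("other=1; ExampleAuthCookie=expired"); // constructed request header
    println!("{:?}", protected(stale));
    println!("{:?}", login(stale, Some("correct horse")));
}
```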



